Interface address sourced packets go thru default gateway on another interface

Julian Elischer julian at elischer.org
Thu Nov 15 22:18:40 PST 2007


Brian Hawk wrote:
> Dima Dorfman wrote:
>> I don't think it ever worked the way you described. The source IP
>> address doesn't usually affect how replies will be routed on the way
>> out.
>>   
> Then what would be the reason to bind a connection to a specific source 
> address? We do
> ping -S A.B.C.D x.y.z.t
> to make ping send packets to x.y.z.t over A.B.C.D's interface (and 
> source address) or
> telnet -s A.B.C.D x.y.z.t

no
binding does not affect the interface the packet goes out.
it affects the address that return packets will be sent to 
but that's about all.

> 
> I believe binding an IP's source address to an interface address 
> (instead of INADDR_ANY) is to make packets go out from *that* interface, 
> not the default gw.
>> You can fix this with policy routing rules. Here's an example with PF:
>>
>> : pass out quick route-to ($other_if $other_gw) from ($other_if)
>>
>>   
> I really am an ipfilter fan. It's great that pf supports this. But I 
> think ipfilter doesn't yet. At least not the version I'm using (v3.4.35).

ipfw can do it with 
fwd {next hop} ip from ${other_if} to ${where-ever}

you can even do 
fwd tablearg ip from ${src} to table(x) to implement a second routing table
for packets from ${src}


> 
> -Brian
> 
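
Added example, not part of the original message: a simplified Python model of the point discussed in this thread, showing that a destination-only route lookup ignores the bound source address, and that an ipfw-style "fwd" rule keyed on the source changes the next hop. The interface names, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample host: default route via em0, second uplink on em1.
ROUTES = [  # (destination prefix, gateway or None if directly connected, interface)
    ("0.0.0.0/0", "192.0.2.1", "em0"),
    ("192.0.2.0/24", None, "em0"),
    ("198.51.100.0/24", None, "em1"),
]

# Modelled on "fwd {next hop} ip from ${other_if} to ${where-ever}":
# (source prefix, destination prefix, forced next hop)
POLICY = [("198.51.100.10/32", "0.0.0.0/0", "198.51.100.1")]


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination only; the source is never consulted."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError("no route to " + dst)
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return (gw or str(addr), ifc)  # connected route: next hop is the destination


def egress(src, dst, policy=()):
    """Return (next hop, interface) for a packet whose socket is bound to src."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, next_hop in policy:  # first matching rule wins
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            # The rule replaces the next hop; the interface is then found by
            # routing that next hop through the ordinary table.
            return (next_hop, route_lookup(next_hop)[1])
    return route_lookup(dst)


if __name__ == "__main__":
    # Bound to em1's address, but still leaves via the default gateway on em0.
    print(egress("198.51.100.10", "203.0.113.5"))
    # With the source-based rule, the same packet uses em1's gateway.
    print(egress("198.51.100.10", "203.0.113.5", POLICY))
```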


