Different take on old FAQ: multihoming and source-based routing
tamino at wolfhut.org
Sat Sep 1 21:49:09 UTC 2012
I've been doing a lot of google searching recently for variants of
"freebsd source-based routing" to look for how to get a dual-homed
FreeBSD machine to send to the correct default gateway based on the
source address of the packets it's expecting that gateway to pass along.
You can't send a packet with a Comcast source address to the AT&T
default gateway and expect it to actually make it out onto the public
Universally, the posts I've been finding that discuss this always
recommend creating multiple routing tables with "options ROUTETABLES=..."
which I wasn't willing to do, because my wild youthful kernel-recompiling
days are over -- these days I like the advantages that come with using a
pure GENERIC kernel. :-)
So, today I tried the following /etc/pf.conf:
> if = "bge0"
> v4_addr_1 = "22.214.171.124"
> v4_net_1 = "126.96.36.199/24"
> v4_gw_1 = "188.8.131.52"
> v4_addr_2 = "184.108.40.206"
> v4_net_2 = "220.127.116.11/28"
> v4_gw_2 = "18.104.22.168"
> pass out quick on $if route-to ($if $v4_gw_1) inet from $v4_addr_1 to !$v4_net_1 no state
> pass out quick on $if route-to ($if $v4_gw_2) inet from $v4_addr_2 to !$v4_net_2 no state
> #pass out quick on $if route-to ($if $v6_gw_1) inet6 from $v6_addr_1 to !$v6_net_1 no state
> pass all no state
I guess my setup is a bit simpler than the norm because I only have
one physical interface, that both networks are on. But... by Jove,
it seems to be working!
Is there something I'm missing? Is this going to break in some subtle
edge case that I'm just not seeing?
If it really is this simple, why does everyone keep recommending
the "options ROUTETABLES" approach?
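As an added illustration of how pf evaluates the rules in the post (not code from the original mail or from the pf project), the script below models first-match "quick" evaluation over the two route-to rules and the final "pass all", using the macros copied from the pf.conf above. It also shows one subtle case the post's rules produce: a packet from $v4_addr_1 to a host inside $v4_net_2 matches the first rule (the destination is "!$v4_net_1") and is handed to $v4_gw_1 instead of being delivered directly on the shared segment; the LOCAL_FIRST_RULES variant is an assumption of mine, not something the post contains.

```python
import ipaddress

# Macros copied verbatim from the pf.conf in the post.
V4_ADDR_1 = ipaddress.ip_address("22.214.171.124")
V4_NET_1 = ipaddress.ip_network("126.96.36.199/24", strict=False)
V4_GW_1 = "188.8.131.52"
V4_ADDR_2 = ipaddress.ip_address("184.108.40.206")
V4_NET_2 = ipaddress.ip_network("220.127.116.11/28", strict=False)
V4_GW_2 = "18.104.22.168"

# A rule is (source address, destination network, destination negated?, route-to gateway).
# gateway None models a plain "pass ... no state" without route-to: the kernel
# routing table decides (direct delivery on the segment or the single default route).
POST_RULES = [
    (V4_ADDR_1, V4_NET_1, True, V4_GW_1),   # from $v4_addr_1 to !$v4_net_1 route-to $v4_gw_1
    (V4_ADDR_2, V4_NET_2, True, V4_GW_2),   # from $v4_addr_2 to !$v4_net_2 route-to $v4_gw_2
]

# Assumed variant (not in the post): pass traffic to the other directly attached
# network first, so it is delivered locally instead of via the other ISP's gateway.
LOCAL_FIRST_RULES = [
    (V4_ADDR_1, V4_NET_2, False, None),
    (V4_ADDR_2, V4_NET_1, False, None),
] + POST_RULES


def next_hop(rules, src, dst):
    """Return the gateway pf's first matching 'quick' rule routes an outbound
    packet to, or None when the packet falls through to the kernel routing table."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for rule_src, net, negated, gw in rules:
        if src != rule_src:
            continue
        # "to !net" matches when dst is outside net; "to net" when it is inside.
        if (dst in net) == negated:
            continue
        return gw          # 'quick': stop at the first match
    return None            # 'pass all no state'


def route_table(rules, packets):
    """Evaluate a list of (src, dst) pairs and map each to its next hop."""
    return {(s, d): next_hop(rules, s, d) for s, d in packets}


if __name__ == "__main__":
    # Constructed sample packets; 198.51.100.7 is a documentation address standing in for the Internet.
    samples = [("22.214.171.124", "198.51.100.7"), ("184.108.40.206", "198.51.100.7"),
               ("22.214.171.124", "220.127.116.5"), ("22.214.171.124", "126.96.36.50")]
    for (s, d), gw in route_table(POST_RULES, samples).items():
        print(f"{s} -> {d}: {gw or 'kernel routing table'}")
```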