On Fri, 14.11.2003 at 09:02, Jason Dixon wrote:
> Sorry if this is well-traveled territory, but I haven't found anything
> relevant in the lists, handbook or FAQ.
>
> I have a setup on a network where 802.11b traffic from a group of
> wireless hosts is "reflected" off the internal interface of an OpenBSD
> firewall. In order to encrypt all wireless traffic, I enforce a series
> of host tunnels from the wireless clients into the gateway. This
> requires that *all* LAN hosts "bounce" off the firewall in order to
> ensure proper routing both ways.
>
> For any traffic destined from one of these systems (say, my Linux
> laptop, for example) to another local host, packets traverse an IPsec
> tunnel, exit on enc0 of the firewall, and are NATted back into the wired
> segment (fxp1). With Linux and Windows hosts, I'm able to add static
> routes to bind to the gateway IP address (192.168.0.1).
>
> Unfortunately, it appears that FreeBSD (4.9-RELEASE) ignores my intent,
> instead assuming(?) that I wish to assign the route to the interface,
> rather than the IP. The expected behavior is that traffic is routed
> locally, rather than across the gateway, breaking all TCP traffic.
>
> Any ideas? Am I overlooking something simple? Here is the route
> command I've used and my routing table:
>
> route add -net 192.168.0.0 192.168.0.1 -netmask 255.255.255.0
>
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.0.1        UGSc        2        0   fxp0
> 127.0.0.1          127.0.0.1          UH          1        0    lo0
> 192.168.0          link#1             UC          3        0   fxp0
> 192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
> 192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
> 192.168.0.53       127.0.0.1          UGHS        0        0    lo0

I guess you already have a 192.168.0.0/24 route entry, added by the command:

    ifconfig fxp0 192.168.0.53/24

so now you need to:

remove the network route via the interface:

    route delete 192.168.0.0/24

add an interface route (the kernel should know how to reach the router):

    route add 192.168.0.1/32 -iface fxp0 -cloning

and then add the network route via the router:

    route add 192.168.0.0/24 192.168.0.1

> Thanks in advance,

--
Vladimir B. Grebenschikov <[EMAIL PROTECTED]>
SWsoft Inc.
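
A check for the outcome of the commands above, as an added example that is not part of the original messages: it parses `netstat -rn` style output and reports whether traffic to a LAN peer would skip the gateway and therefore the IPsec tunnel. The function names, the AFTER table and the rule for expanding abbreviated destinations such as "192.168.0" are assumptions made for this illustration.

```python
import ipaddress

# Routing table quoted in the original post (before the fix).
BEFORE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        2        0   fxp0
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.0          link#1             UC          3        0   fxp0
192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
192.168.0.53       127.0.0.1          UGHS        0        0    lo0
"""
# Constructed sample (assumption): how the table could look once the
# interface route is replaced by a network route via 192.168.0.1.
AFTER = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        2        0   fxp0
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.0          192.168.0.1        UGSc        0        0   fxp0
192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
192.168.0.53       127.0.0.1          UGHS        0        0    lo0
"""

def parse_routes(text):
    """Return [(network, gateway, flags)] for each route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] == "Destination":
            continue
        addr, _, plen = f[0].partition("/")
        # Assumption: an abbreviated destination implies 8 mask bits per
        # octet shown ("192.168.0" -> /24); "default" is 0.0.0.0/0.
        octets = [] if addr == "default" else addr.split(".")
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        prefix = int(plen) if plen else 8 * len(octets)
        net = ipaddress.ip_network(f"{padded}/{prefix}", strict=False)
        routes.append((net, f[1], f[2]))
    return routes

def best_route(routes, ip):
    """Longest-prefix match, as the kernel lookup would select."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def bypasses_gateway(table, peer, gateway):
    """True if traffic to peer is delivered on-link instead of via gateway."""
    r = best_route(parse_routes(table), peer)
    return r is None or "G" not in r[2] or r[1] != gateway
```

Cloned ARP host entries such as the one for 192.168.0.42 also win the longest-prefix match, so run the check against a fresh table after the route change.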