Hi, I asked this question a week ago but there was no reply, so I am asking it again somewhat differently. I would really greatly appreciate any comments on this!

Is it possible to change a cloned link-level host route (generated by arp requests) into a static gateway host route?

The scenario is the following: On an OpenBSD firewall and router, I have an interface if0 with address 192.168.1.1/24. There is a second interface if1 with an irrelevant address and network, and a default route exists to some IP behind if1. Now, there is a host 192.168.1.2 which sits behind a third host 192.168.1.3 from the network segment of if0. So I would like to set a host route as follows:

    route add -host 192.168.1.2 192.168.1.3

This would generate a static host route:

    Destination        Gateway            Flags    Interface
    192.168.1.0/24     link#2             UC       if0
    192.168.1.2        192.168.1.3        UGHS     if0

Now, it can happen that network traffic destined for host 192.168.1.2 comes in on if1 before the route is set. So my firewall sends out an arp request. Since it sees that the IP belongs to the network of if0, it generates a cloning route of the form

    Destination        Gateway            Flags    Interface
    192.168.1.0/24     link#1             UC       if0
    192.168.1.2        link#1             UHLc     if0

for the still incomplete arp entry, and the "link#1" is replaced by the MAC address as soon as the arp request completes (if an arp reply comes through, for instance if host 192.168.1.3 does proxy arp for 192.168.1.2).

I would like to change this "arp route" into the static route above, but the problem is that although the command

    route change -host 192.168.1.2 192.168.1.3

replaces the Gateway entry of the route with 192.168.1.3, this change is only temporary since the flags are not changed:

    Destination        Gateway            Flags    Interface
    192.168.1.0/24     link#1             UC       if0
    192.168.1.2        192.168.1.3        UHLc     if0

and hence the next arp request overwrites the route again. This behaviour is not changed when I add the "-static" parameter to the "route change" command.

My question is if there is a reliable way of changing the route in the desired way, preferably without removing it first. I feel this should be possible! Maybe I am just missing something obvious.

I could of course disable traffic to the host by firewall rules or by bringing down interface if1, then remove the arp route and finally add the static route. But this is not an option: It would be best to be able to change the route "on the fly" without interrupting the traffic.

Well, this was some kind of novel, but I hope I have made my problem clearer this time. I would be glad about any hints!

Thanks,
Michael
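
The three routing-table states described in the message above, as an added example that is not part of the original post: a shell function that classifies the host route by its flags rather than by its Gateway column, since after "route change" the gateway already reads 192.168.1.3 while the flags are still UHLc. The name check_route, its result labels and the four-column layout are assumptions made here; the sample tables are constructed from the listings in the message, and column positions would need adjusting for real routing-table output.

```shell
#!/bin/sh
# Added example, not from the original post. Tables are constructed from the
# listings in the message (columns: Destination Gateway Flags Interface).

TABLE_STATIC='Destination Gateway Flags Interface
192.168.1.0/24 link#2 UC if0
192.168.1.2 192.168.1.3 UGHS if0'

TABLE_ARP='Destination Gateway Flags Interface
192.168.1.0/24 link#1 UC if0
192.168.1.2 link#1 UHLc if0'

TABLE_CHANGED='Destination Gateway Flags Interface
192.168.1.0/24 link#1 UC if0
192.168.1.2 192.168.1.3 UHLc if0'

# check_route DEST GATEWAY  (hypothetical helper; reads a table on stdin)
# Prints one state and returns 0 only for "static":
#   static          G, H and S flags set and gateway matches
#   cloned-changed  gateway matches but entry is still cloned (L and c flags)
#   arp-cloned      cloned link-level entry (link#N or a MAC as gateway)
#   other           host route with a different gateway or flag set
#   missing         no host route for DEST
check_route() {
    awk -v dest="$1" -v want="$2" '
        $1 == dest { found = 1; gw = $2; flags = $3 }
        END {
            if (!found) { print "missing"; exit 1 }
            cloned = (flags ~ /L/ && flags ~ /c/)
            fixed  = (flags ~ /G/ && flags ~ /H/ && flags ~ /S/)
            if (fixed && gw == want)  { print "static"; exit 0 }
            if (cloned && gw == want) { print "cloned-changed"; exit 1 }
            if (cloned)               { print "arp-cloned"; exit 1 }
            print "other"; exit 1
        }'
}

# Demo: classify the three constructed tables.
for table in "$TABLE_STATIC" "$TABLE_ARP" "$TABLE_CHANGED"; do
    printf '%s\n' "$table" | check_route 192.168.1.2 192.168.1.3 || true
done
```

A monitoring check built on this would alert on any state other than "static", including "cloned-changed", where the Gateway column alone looks correct.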