Avoid using RFC3927 outside of the link

Eugene Grosbein eugen at grosbein.net
Mon Dec 19 19:34:46 UTC 2016


20.12.2016 2:05, Alarig Le Lay wrote:
> On Tue Dec 20 01:51:17 2016, Eugene Grosbein wrote:
>> 20.12.2016 1:46, Alarig Le Lay wrote:
>>
>>> Is it possible to avoid this behaviour and reply with the public IP
>>> (89.234.186.1) instead?
>>
>> try: sysctl net.inet.icmp.reply_from_interface=1
>
> If an AS chooses to go to us through this peer, packets will come in by
> this interface, so our router will continue to reply with the APIPA IP
> for those ASes.

Well, you can always use brute force instead:

ipfw nat 169 config reset ip 89.234.186.1 && \
ipfw add 60 nat 169 ip from 169.254.0.0/16 to any out xmit igb0

That's ugly but works.


