IP "routing" issue
Eugene Grosbein
eugen at grosbein.net
Thu Sep 10 17:20:41 UTC 2020
10.09.2020 23:54, Abelenda Diego wrote:
> Thank you for pointing route "-iface" however I can't seem to manage what I
> want.
>
> When I use:
> "route add -host $IP_NOT_IN_SUBNET -iface bce0"
>
> I get "netstat -rn" to say something like:
>
> Internet:
> Destination        Gateway                Flags   Netif Expire
> default            $UPSTREAM_GW           UGS     bce0
> 10.0.0.1           link#7                 UHS     lo0
> $IP_NO_IN_SUBNET   $MAC_ADDRESS_OF_BCE0   UHS     bce0
>
>
> Which seems somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I get:
>
> root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
>
> Which doesn't seem appropriate at all wrt the routing table...

Such a route means that an attempt to send any packet to the IP in question
results in a broadcast ARP query for the destination IP sent out of bce0.
It seems your upstream has ARP proxy enabled, so it sends an ARP reply with its MAC address,
making your host send the IP packet to $UPSTREAM_GW, but its routing table points back
to your $PUBLIC_IP_OF_BCE0, hence the redirection is generated.

You should not use "-iface bce0" but the right interface name, pointing to the host having the target IP address.
And if your own host has it, you do not need to add any route at all,
but assign the additional IP as an alias to bce0.
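
Added example, not part of the original message: a shell check that lists IPv4 host routes resolved by ARP directly on an interface, the kind that "route add -host ... -iface bce0" creates, so routes that only work because an upstream answers proxy ARP can be reviewed. The sample table, its addresses and MAC, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of FreeBSD "netstat -rn" output.
# Addresses come from documentation ranges; the MAC address is made up.
sample_routes() {
cat <<'EOF'
Internet:
Destination        Gateway            Flags     Netif Expire
default            198.51.100.1       UGS        bce0
10.0.0.1           link#7             UHS         lo0
198.51.100.0/24    link#1             U          bce0
203.0.113.50       00:11:22:33:44:55  UHS        bce0

Internet6:
Destination        Gateway            Flags     Netif Expire
::1                link#7             UHS         lo0
EOF
}

# find_onlink_host_routes: reads "netstat -rn" text on stdin and prints
# "destination interface" for every IPv4 route that
#   - has the H (host) flag and no G (gateway) flag,
#   - has a link-layer gateway (link#N or a six-part MAC address), and
#   - is not bound to a loopback interface (those are the host's own IPs).
# Packets for such a destination trigger an ARP query on that interface.
find_onlink_host_routes() {
    awk '
        BEGIN              { v4 = 1 }          # assume IPv4 if no section header
        $1 == "Internet:"  { v4 = 1; next }
        $1 == "Internet6:" { v4 = 0; next }
        v4 && NF >= 4 && $3 ~ /H/ && $3 !~ /G/ && $4 !~ /^lo[0-9]+$/ &&
        ($2 ~ /^link#[0-9]+$/ ||
         ($2 ~ /^[0-9a-fA-F:]+$/ && split($2, parts, ":") == 6)) {
            print $1, $4
        }
    '
}

# On a live FreeBSD host: netstat -rn | find_onlink_host_routes
```

Each destination it prints should be a host that really is reachable on that link; if the address belongs to the local machine, the advice above applies and it should be an alias on the interface instead of a route.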