IP "routing" issue
John-Mark Gurney
jmg at funkthat.com
Tue Sep 15 19:10:56 UTC 2020
Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> Hello,
>
> Thank you for pointing out route "-iface"; however, I can't seem to manage what I
> want.
>
> When I use:
> "route add -host $IP_NOT_IN_SUBNET -iface bce0"
>
> I get "netstat -rn" to say something like:
>
> Internet:
> Destination        Gateway                Flags   Netif Expire
> default            $UPSTREAM_GW           UGS     bce0
> 10.0.0.1           link#7                 UHS     lo0
> $IP_NO_IN_SUBNET   $MAC_ADDRESS_OF_BCE0   UHS     bce0
>
>
> Which seems somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I get:
>
> root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
>
> Which doesn't seem appropriate at all wrt the routing table...
>
> Did I use "route add" wrong?
>
> Also I want to keep the setup simple, going through private IPs on the public VLAN of the datacenter might get me in trouble with them, and using other VLANs for that will be a pain.

Can you provide a diagram of the network layout, and where the
configuration needs to go? Because if it's just the opnsense box that
needs the IP addresses, adding them as an alias to bce is enough to
make it work.

If you're trying to do something else, like have boxes behind the
opnsense box have those IP addresses, then:

route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET

would just work.

I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...

> On Wed, 9 Sep 2020 17:35:45 +0200
> kaycee gb <kisscoolandthegangbang at hotmail.fr> wrote:
>
> > On Wed, 9 Sep 2020 16:42:54 +0200,
> > Abelenda Diego <diego.abelenda at gmail.com> wrote:
> >
> > > Hello,
> > >
> > > I've got a FreeBSD installation in a DataCenter that provided me with a
> > > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > > gateway works everything is nice and running). I use this machine for
> > > Masquerading a private infrastructure.
> > >
> > > Now I need other machines with public IPv4 and when I requested the
> > > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > > saying that my previous IPv4 MUST be configured as next-hop on their side.
> > > From my understanding in FreeBSD the route command is unable to perform this
> > > kind of configuration where you tell that the IPv4 /32 is available without
> > > next-hop (no via) on a specific link. I know the linux "ip route add $IP dev
> > > $LINK" configures this, but I cannot seem to map this knowledge to FreeBSD.
> > >
> > > Is it possible to perform this very special setup with any command on
> > > FreeBSD? If yes what is that command?
> > >
> > > Best regards,
> > > Diego Abelenda
> >
> > Hi,
> >
> > Do the other machines have a private address? Is it a problem if they have
> > one?
> > If it is possible, you can route via this private address on your FreeBSD
> > installation to the new one and assign a public/32 to the last.
> >
> > Alternatively to doing routing like above, if you have a firewall enabled on
> > the first machine, you can do address forwarding between the first and the
> > new one.
> >
> > And last, maybe with something like -iface from "route" you can achieve what
> > you want.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."