Whoops, sorry, I just discovered that I forgot to send this summary before
I went on holidays... So here we go.

My question was:

> I'm looking for a possibility to do 'source routing'. What I mean with it is
> that I want to be able to route based on the source, not the destination
> address. Think of the following:
> A box with two interfaces, each has an IP address in a different subnet
> and clients from the internet connect through both interfaces. Now I
> want to route the 'answers' back through the corresponding interface where
> the 'question' came in. So I will need two default routes, but with this
> Solaris does a kind of round robin.
> With Linux I can use the advanced routing feature and can set up different
> routing tables and assign traffic to these tables based on e.g. the source
> address.

I received three answers:

- Giles Gamon sent a link to a commercial tool called DefaultRouter.
  www.defaultrouter.com

- Buddy Lumpkin suggested to set ip_enable_group_ifs=0, but this is the
  default now and if I understand it correctly it is just for alias
  interfaces and not different interfaces. I tried it anyway (also setting
  it to '1') but it didn't work.

- Casper Dik wrote:

> ipfilter actually does allow you to route deliberately using the source
> address; I have two internet connections at home and use that feature
> with the two rules at the start of my ipf.conf:
>
> pass out quick on qe0 to qe1:<qe1-router> from <qe1-address> to any
> pass out quick on qe1 to qe0:<qe0-router> from <qe0-address> to any
>
> I have two interfaces here, qe0 and qe1; in the first rule, when a packet
> is seen "on qe0" with the wrong address (from <qe*1*-address>), I send it
> "to qe1" but make sure to direct the packet at "qe1-router" (the
> default route for the qe1 interface).
>
> And the second rule sends packets that should have been from qe0 but
> appear to be on qe1 back to qe0's default route.

I tried this one (man, compiling IPFilter was not the easiest task), and
had partial success. When trying to connect to the second interface an
already established connection to the first interface would stall, but the
packets actually went out on the second interface.
Hmm, as it wasn't urgent and I didn't have a test box at that time I
stopped trying and decided to retry it if the test box gets available again.

Thanks everyone,
Juri

--
Juri Haberland <juri@koschikode.com>
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Wed May 22 08:16:29 2002
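
The Linux approach mentioned in the question (one routing table per uplink, selected by source address), sketched as an added example that is not part of the original message. Interface names, addresses (RFC 5737 documentation ranges) and table numbers 101/102 are constructed; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post): Linux policy routing so that
# replies leave through the interface whose address they are sourced from.
# eth0/eth1, the 192.0.2.x / 198.51.100.x addresses and table ids 101/102
# are constructed placeholders.

# Emit the commands for one uplink: a private table holding only that
# uplink's default route, and a rule that selects the table by source address.
# usage: uplink_cmds <table-id> <ifname> <local-addr> <gateway>
uplink_cmds() {
    table=$1 ifname=$2 addr=$3 gw=$4
    echo "ip route replace default via $gw dev $ifname table $table"
    echo "ip rule add from $addr/32 lookup $table priority $table"
}

# Full plan for the two-interface box described in the question.
plan() {
    uplink_cmds 101 eth0 192.0.2.10 192.0.2.1
    uplink_cmds 102 eth1 198.51.100.10 198.51.100.1
}

# Print the plan; execute it only when APPLY=1 is set (requires root).
run_plan() {
    if [ "${APPLY:-0}" = 1 ]; then
        plan | sh -e
    else
        plan | sed 's/^/dry-run: /'
    fi
}

run_plan
```

After applying, `ip rule show` and `ip route show table 101` let you confirm that each source address resolves to its own default gateway.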