[nycbug-talk] FreeBSD Dual homed
lists at kittypee.com
Thu Dec 20 23:17:43 EST 2007
On Dec 20, 2007, at 2:24 PM, Rodrique Heron wrote:
> # ifconfig -a
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 126.96.36.199 netmask 0xffffff00 broadcast
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 188.8.131.52 netmask 0xffffff00 broadcast
> # netstat -rn -f inet
> Routing tables
> Destination Gateway Flags Refs Use Netif
> default 184.108.40.206 UGS 0 415 em1
> 150.210.160/24 link#2 UC 0 0 em1
> 150.210.240/24 link#1 UC 0 0 em0
You could have a problem with your ISP using some sort of anti IP
An SSH connection to 220.127.116.11 would not work in that case.
The incoming packets will come in on the em0 interface as expected,
but outgoing packets will travel out of the em1 interface. All
routing decisions are solely based on the destination address, and
have nothing to do with the source address. And you default route is
18.104.22.168 which lies on the em1 interface.
Anti IP spoofing measures would cause a problem here. In general your
ISP could be filtering traffic coming from your em1 interface that
does not have a source address of 22.214.171.124/24. Probably the
same as filtering traffic coming from em0 that does not have a source
of 126.96.36.199/24. This type of filtering can be fairly common,
since it is rarely problematic, easy to implement, and reduces lots of
If this is the case, connections to 188.8.131.52 should work fine.
Solutions to this problem are having your ISP allow both subnets on
both interfaces, or using some other magic to make routing decisions
based on source address.
If this isn't the case, it may take some tcpdump'ing to watch the
traffic on the interfaces to see what is really happening.
More information about the talk