[nycbug-talk] FreeBSD Dual homed
lists at kittypee.com
Thu Dec 20 23:17:43 EST 2007
On Dec 20, 2007, at 2:24 PM, Rodrique Heron wrote:
> # ifconfig -a
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 188.8.131.52 netmask 0xffffff00 broadcast
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 184.108.40.206 netmask 0xffffff00 broadcast
> # netstat -rn -f inet
> Routing tables
> Destination Gateway Flags Refs Use Netif
> default 220.127.116.11 UGS 0 415 em1
> 150.210.160/24 link#2 UC 0 0 em1
> 150.210.240/24 link#1 UC 0 0 em0
You could have a problem with your ISP using some sort of anti IP
An SSH connection to 18.104.22.168 would not work in that case.
The incoming packets will come in on the em0 interface as expected,
but outgoing packets will travel out of the em1 interface. All
routing decisions are solely based on the destination address, and
have nothing to do with the source address. And your default route is
22.214.171.124 which lies on the em1 interface.
Anti IP spoofing measures would cause a problem here. In general your
ISP could be filtering traffic coming from your em1 interface that
does not have a source address of 126.96.36.199/24. Probably the
same as filtering traffic coming from em0 that does not have a source
of 188.8.131.52/24. This type of filtering can be fairly common,
since it is rarely problematic, easy to implement, and reduces lots of
If this is the case, connections to 184.108.40.206 should work fine.
Solutions to this problem are having your ISP allow both subnets on
both interfaces, or using some other magic to make routing decisions
based on source address.
If this isn't the case, it may take some tcpdump'ing to watch the
traffic on the interfaces to see what is really happening.
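
The failure described in the message above, modelled as an added example that is not part of the original post. The addresses are constructed documentation prefixes rather than the poster's, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample topology: one /24 per interface, default route via em1.
IFACE_NET = {"em0": "192.0.2.0/24", "em1": "198.51.100.0/24"}
ROUTES = [("192.0.2.0/24", "em0"), ("198.51.100.0/24", "em1"), ("0.0.0.0/0", "em1")]


def egress_by_destination(dst):
    """Longest-prefix match on the destination only, like a plain routing table."""
    d = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES
               if d in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def egress_by_source(src, dst):
    """Source-aware choice: off-link traffic leaves via the interface owning src."""
    d = ipaddress.ip_address(dst)
    if any(d in ipaddress.ip_network(n) for n in IFACE_NET.values()):
        return egress_by_destination(dst)  # directly connected, table is right
    s = ipaddress.ip_address(src)
    for ifc, net in IFACE_NET.items():
        if s in ipaddress.ip_network(net):
            return ifc
    return egress_by_destination(dst)


def isp_accepts(iface, src):
    """Anti-spoofing filter: only sources from the interface's own subnet pass."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(IFACE_NET[iface])


def reply_path(local_addr, client, source_routing=False):
    """Return (egress interface, delivered?) for a reply sent from local_addr."""
    if source_routing:
        iface = egress_by_source(local_addr, client)
    else:
        iface = egress_by_destination(client)
    return iface, isp_accepts(iface, local_addr)


if __name__ == "__main__":
    client = "203.0.113.5"  # constructed remote SSH client
    for addr in ("192.0.2.10", "198.51.100.10"):
        print(addr, "dest-only:", reply_path(addr, client),
              "source-aware:", reply_path(addr, client, source_routing=True))
```
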