I have an OS X Server (Tiger) which has two NICs with two ISP DSL
accounts. There is one default route. I would like to have inbound
traffic for the non-default interface go via a separate router,
e.g.
en0: 192.168.1.10/24 router 192.168.1.1 - NATs to 1.2.3.4
en1: 192.168.2.10/24 router 192.168.2.1 - NATs to 4.3.2.1
Default route is 192.168.1.1
I would like to set up source based routing such that any inbound
packet to 4.3.2.1 is replied to via the router 192.168.2.1
To do this, I have tried using the command
ipfw add fwd 192.168.2.1 ip from 192.168.2.10 to not 192.168.2.10/24
which gives me an ipfw table of
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en1
00099 fwd 192.168.2.1 ip from 192.168.2.10 to not 192.168.2.0/24
01000 allow log ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow log ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any
When I try to ping the external IP address from outside, I can see
the packets reaching the server on the correct interface, but they do
not seem to get any reply on either interface. If I remove the rule,
then the reply packets can be seen going out through the default
interface.
If I implement source routing, then this is possible. Within Linux you
can use iproute2 as described at
I am trying to do the same thing within OS X Server.
In theory,
ipfw add fwd 192.168.2.1 ip from 192.168.2.10 to not 192.168.2.10/24
should work. However, it doesn't for me. I am trying to achieve
source-based routing (sometimes called policy routing) within OS X
Server. I am not looking for NAT-based solutions where I would lose
the IP information of the initiating contact.
Is this possible in Tiger or Leopard?
Cheers,
Joel
--
Joel Smith
Dales IT Ltd
Units 68/9 Glasshouses Mill
Harrogate
N.Yorks HG3 5QH
Tel: +44 1423 714913 Mobile: +44 7768 803758
Fax: +44 870 1617192
Macos-x-server mailing list (email@hidden)
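The rule table quoted in the message above, walked through by a small first-match simulator. This is an added example and not code from the original post or from Apple's ipfw: it parses only the keywords that appear in that table, then evaluates constructed packets against the rules in number order the way ipfw does, so the effect of rule ordering and of the `not 192.168.2.0/24` clause on a reply from 192.168.2.10 is visible. The outside addresses (5.6.7.8, 192.168.2.50), the ICMP reply packets and the `route_reply` helper are assumptions of the example; it models address and option matching only, not the kernel's route lookup or natd re-injection after a `divert`.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the `ipfw list` table quoted in the post.
RULES_TEXT = """\
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en1
00099 fwd 192.168.2.1 ip from 192.168.2.10 to not 192.168.2.0/24
01000 allow log ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow log ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any
"""

@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    direction: str                  # "in" or "out"
    iface: str                      # interface the packet enters or leaves on
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass
class Rule:
    number: int
    action: str                     # allow, deny, divert, fwd
    arg: Optional[str]              # divert port or fwd next hop
    proto: str                      # "ip" matches every protocol
    src: tuple                      # (network or None for "any", negated by "not"?)
    dst: tuple
    sport: Optional[int] = None
    dport: Optional[int] = None
    direction: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and addr_match(self.src, p.src) and addr_match(self.dst, p.dst)
                and self.sport in (None, p.sport) and self.dport in (None, p.dport)
                and self.direction in (None, p.direction)
                and self.iface in (None, p.iface))

def addr_match(spec: tuple, addr: str) -> bool:
    net, negate = spec
    hit = net is None or ipaddress.ip_address(addr) in net
    return hit != negate            # "not X" inverts the result

def _addr(t, i):                    # parse "[not] (any | addr | addr/len)" at t[i]
    negate = t[i] == "not"
    i += int(negate)
    net = None if t[i] == "any" else ipaddress.ip_network(t[i], strict=False)
    return (net, negate), i + 1

def parse_rule(line: str) -> Rule:
    t = line.split()
    number, action, arg, i = int(t[0]), t[1], None, 2
    if action in ("divert", "fwd"):         # actions that carry an argument
        arg, i = t[2], 3
    if t[i] == "log":                       # logging flag, no effect on matching
        i += 1
    proto, i = t[i], i + 1
    assert t[i] == "from", line
    src, i = _addr(t, i + 1)
    sport = None
    if t[i].isdigit():                      # bare number after the source is a port
        sport, i = int(t[i]), i + 1
    assert t[i] == "to", line
    dst, i = _addr(t, i + 1)
    rule = Rule(number, action, arg, proto, src, dst, sport)
    while i < len(t):                       # trailing options
        if t[i] == "dst-port":
            rule.dport, i = int(t[i + 1]), i + 2
        elif t[i] in ("in", "out"):
            rule.direction, i = t[i], i + 1
        elif t[i] == "via":
            rule.iface, i = t[i + 1], i + 2
        else:
            raise ValueError(f"unsupported keyword {t[i]!r} in rule {number}")
    return rule

def first_match(rules, p: Packet):  # ipfw stops at the first rule that matches
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(p):
            return r.number, r.action, r.arg
    raise RuntimeError("nothing matched; rule 65535 should be a catch-all")

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]

def route_reply(src: str, dst: str, out_iface: str):
    # Constructed outbound ICMP reply leaving on out_iface (assumed helper).
    return first_match(RULES, Packet("icmp", src, dst, "out", out_iface))

if __name__ == "__main__":
    print(route_reply("192.168.2.10", "5.6.7.8", "en0"))       # (99, 'fwd', '192.168.2.1')
    print(route_reply("192.168.1.10", "5.6.7.8", "en0"))       # (12300, 'allow', None)
    print(route_reply("192.168.2.10", "192.168.2.50", "en1"))  # (10, 'divert', '8668')
```

The first call shows what the poster expects: a reply sourced from 192.168.2.10 to an outside host leaves on the default interface and is the first packet rule 99 sees, so it is tagged for next hop 192.168.2.1. The third call shows why rule order matters: anything leaving on en1 is picked up by the `divert 8668 ... via en1` rule before rule 99 is ever consulted.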