Forums.ATC.no
Technical => General technical => Topic started by: ATC on 24 February 2010, 15:32 pm
-
While moving an enterprise network from one ISP to another we needed to temporarily route all outgoing traffic for both address spaces over the same ISP link.
[Diagram: Firewall, Router, ISP1, ISP2]
Outbound traffic for both ISPs was routed towards ISP2. Incoming traffic bound for ISP1 addresses entered the Router but did not get forwarded to Firewall as expected.
-
The interfaces were defined as follows:
interface fxp0 allow in verrevpath
The "verrevpath" keyword effectively makes asymmetric routing impossible because it checks if traffic enters through the same interface it would be routed through.
Simply removing the "verrevpath" keyword solved the problem.
Note that reverse path verification is commonly used to prevent some forms of IP spoofing, so do not remove it unless you really need asymmetric routing.
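
The strict reverse-path check described in the post, modelled as an added example that is not part of the original post. It shows why inbound traffic on the ISP1 link stops matching once the default route points at ISP2, and which spoofed packets the same check still catches. Assumptions: the routing table and addresses are constructed (documentation ranges), and only fxp0 appears in the post; fxp1 (ISP2 link) and fxp2 (link towards the firewall) are hypothetical names.

```python
import ipaddress

# Constructed routing table for the Router during the migration (assumption):
# both customer address spaces sit behind fxp2, default route points at ISP2.
ROUTES = [
    ("192.0.2.0/24", "fxp2"),     # ISP1 address space, towards the firewall
    ("198.51.100.0/24", "fxp2"),  # ISP2 address space, towards the firewall
    ("0.0.0.0/0", "fxp1"),        # default route via the ISP2 link
]

# Constructed sample packets: (source address, interface it arrived on).
PACKETS = [
    ("203.0.113.7", "fxp0"),  # Internet host entering via ISP1 link
    ("203.0.113.7", "fxp1"),  # same host entering via ISP2 link
    ("192.0.2.10", "fxp1"),   # inside source seen on an outside link (spoofed)
    ("192.0.2.10", "fxp2"),   # inside source seen on the inside link
]


def lookup(table, addr):
    """Longest-prefix match: return the egress interface for addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def verrevpath(table, src, in_if):
    """Strict check: the route back to src must leave via the arrival interface."""
    return lookup(table, src) == in_if


def check_all(table=ROUTES, packets=PACKETS):
    """Return (src, in_if, matches) for every sample packet."""
    return [(src, in_if, verrevpath(table, src, in_if)) for src, in_if in packets]


if __name__ == "__main__":
    for src, in_if, ok in check_all():
        verdict = "matches" if ok else "does not match"
        print(f"src {src:<12} in via {in_if}: {verdict} verrevpath "
              f"(route back uses {lookup(ROUTES, src)})")
```

A packet that fails the check simply does not match the allow rule carrying the keyword, so what happens to it depends on the rules that follow.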