On Wed, Mar 24, 2010 at 09:39:46AM -0700, Jefferson Ogata wrote:
> On 2010-03-24 15:37, Ray Van Dolson wrote:
> > On Wed, Mar 24, 2010 at 12:16:17AM -0700, Darren Reed wrote:
> >> On Tue, 23 Mar 2010 09:14 -0700, "Ray Van Dolson" <[email protected]>
> >> wrote:
> >>> I have a multihomed box running Solaris 10 U8 (IP filter v4.1.9).
> >>> There are two interfaces, igb0 and igb2, both on the same subnet
> >>> (10.49.0.0/16) with, obviously, different IPs.
> >>>
> >>> igb0: 10.49.2.110/16
> >>> igb2: 10.49.2.111/16
> >>>
> >>> Default Gateway: 10.49.254.254
> >>>
> >>> When traffic destined for 10.49.2.111 enters igb2, by default replies
> >>> go back out igb0.
> >>>
> >>> I want anything with a source IP of 10.49.2.111 to go out igb2.
> >>>
> >>> The following two rules work:
> >>>
> >>> (1) block out log quick on igb0 to igb2:10.49.254.254 from 10.49.2.111 to any
> >>> (2) pass out log quick on igb0 to igb2:10.49.254.254 from 10.49.2.111 to any
> >>>
> >>> But the downside is, if the destination is also on the 10.49.0.0/16,
> >>> when it arrives it appears as if it's coming from the gateway instead
> >>> of from the MAC address of igb2.
> >>>
> >>> I tried the following:
> >>>
> >>> (1) block out log quick on igb0 to igb2 from 10.49.2.111 to any
> >>> (2) pass out log quick on igb0 to igb2 from 10.49.2.111 to any
> >>>
> >>> But, while these rules don't complain and seem to show matches in the
> >>> log, the packets never reach the destination.
> >>>
> >>> Any suggestions? Do I _have_ to specify a next-hop? I just want the
> >>> system to rely on its local ARP table for delivery, especially if the
> >>> packet is destined to the local subnet...
> >> Are you able to use snoop/tcpdump to determine if anything is sent
> >> out igb2 or does the packet simply disappear down a black hole?
> >
> > Black hole... :) From responses I've gotten on the OpenSolaris network
> > list, it sounds like this sort of thing won't work -- it's more aimed
> > at boxes multihomed on different subnets so I can make use of a
> > gateway.
>
> Maybe setting the strong host model will help. Something like:
>
> ndd -set /dev/ip ip_strict_dst_multihoming 1

Tried that, but no luck. Also made sure IP forwarding was turned on.

Ray
