On Thu, May 28, 2020 at 08:09:25AM -0600, Theo de Raadt wrote:
> A few tools have options like -s, but it is a problem.
>
> I'm also frustrated by this solution, and working on a better method.
>
> Pierre Emeriaud <petrus.lt+open...@gmail.com> wrote:
>
> > What is the current canonical way to tweak source address selection?
> >
> > I have a bgp multi-homed router, and while answers do use the correct
> > source address, host-generated traffic uses the outgoing interface IP
> > address:
> >
> > $ route -n get 194.2.0.20
> >    route to: 194.2.0.20
> > destination: 194.2.0.0
> >        mask: 255.255.192.0
> >     gateway: 44.151.211.1
> >   interface: em1
> >  if address: 44.151.211.2   <<<< Not reachable from outside my network.
> >    priority: 48 (bgp)
> >       flags: <UP,GATEWAY,DONE>
> >      use       mtu    expire
> >        3         0         0
> >
> > This can cause issues when the /30 peering subnet is not announced, as
> > return traffic (or even forward w/ urpf enabled in adjacent networks)
> > will be dropped.
> >
I have a pf.conf with:

    pass out on $if_ix from $ip_ix to !$subnet_ix nat-to $ip_router

Not a definitive solution but does the work on a low-traffic bgp router :/
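For readers who want to see the workaround in context, here is a fuller pf.conf fragment around that rule. It is an added example, not the poster's actual configuration: the interface name and the 44.151.211.x addresses are taken from the route output quoted above, while $subnet_ix, $ip_router and the lo1 alias are assumptions.

```pf
# Added example, not from the thread. Macro values are placeholders built
# from the quoted route output; adjust to the real peering link.
if_ix     = "em1"
ip_ix     = "44.151.211.2"      # our address on the /30 peering link
subnet_ix = "44.151.211.0/30"   # the peering subnet that is NOT announced (assumed)
ip_router = "198.51.100.1"      # a router address that IS announced via BGP
                                # (placeholder; assumed to be configured on lo1)

# Only packets the router itself sources from the interface address are
# rewritten. Forwarded traffic has other source addresses and is untouched,
# and traffic to the peer on the /30 (the BGP session included) is excluded
# by !$subnet_ix, so the session keeps its link-local-style addressing.
pass out on $if_ix from $ip_ix to !$subnet_ix nat-to $ip_router
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without applying it, and once active `pfctl -ss` shows host-originated states with $ip_router as the translated source. The rule only helps for stateful traffic that leaves via $if_ix; with several upstream interfaces each one needs its own rule, which is the kind of per-interface bookkeeping the thread calls a problem.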