How to forward traffic out via a non-default interface?

3

I have a fairly vanilla home LAN with an Internet provider-supplied router providing DHCP. The router uses many of its default settings unmodified. The home network is 192.168.1.0/24 and the router itself is known internally as 192.168.1.1.

I need to configure several similar routers to change their default settings. One of my computers (running FreeBSD) has a spare Ethernet interface (bce0) and I connected one of these additional routers to it. As expected, this router also uses 192.168.1.1. The machine now has two "configured" interfaces:

  • bce1 -- 192.168.1.8, which is connected to the "real" router, connecting it to the Internet and the rest of the home LAN
  • bce0 -- 192.168.1.5, which is connected to the second router, which I need to change to use different network settings

How can I reach this second router without breaking the machine's connectivity with the LAN and the Internet? Simply trying to reach 192.168.1.1 goes through bce1 and reaches my normal router...

Can ipfw(8) somehow force certain packets to go out using bce0 instead of bce1? Preferably, without the use of "fib", because adding one requires a reboot...

Mikhail T.

Posted 2016-10-26T03:24:51.603

Reputation: 419

Two identical subnets on different interfaces both getting addresses via DHCP will be a pain no matter what you do. Configure one of your routers for a different subnet, e.g. 192.168.2.0/24. All routers I've seen can be configured that way. – dirkt – 2016-10-26T04:54:25.480

Of course, it will be a pain. But that's the default setting for these routers after a reset... And I don't want to reconfigure my entire home LAN for this one task. If there is no way to do it, I'll pick one computer, disconnect it from the LAN (and the Internet) and work with that. But I was hoping to avoid that... – Mikhail T. – 2016-10-26T14:20:41.117

Answers

-1

You cannot have two hosts with the same IP address if you want to use normal routing, since routing is a destination-address-based decision. A packet cannot go two ways at once.


If you really want to screw yourself big time you can try to fake all kinds of stuff to bend the rules, but it will be a real pain in the backside.

You can, for example, create a fake IP address for the device to be configured (192.168.1.99) and set a manual ARP entry (on bce0) using the MAC of the device, and hope that it won't filter on dst IP if the packet is addressed to it by layer2. In that case your device to be configured may be accessed by the fake (192.168.1.99) address if you create a host route for it to bce0.

Or you can try to do the same with your uplink: create a new network (192.168.2.0/24), give yourself an address in it (192.168.2.2), create a fake IP (192.168.2.1) ARP entry with the MAC of your uplink (on bce1) and use it as a default gateway. You may also need a proxy-ARP for 192.168.1.xx (your IP on bce1); your system may be confused enough at that point that it won't automagically handle your original IP (or your rp-filter may act on that).

This theory is based on Linux but should apply on any networking devices, including *BSD.

grin

Posted 2016-10-26T03:24:51.603

Reputation: 301

So I have withdrawn my comments on purpose. My vote has nothing to do with you on a personal level, I feel this answer could be improved, that's the only reason for the vote I issued. It has nothing to do with "trying to encourage you NOT to answer questions", you should answer as many questions as you want, but improve the quality of this answer during that process. – Ramhound – 2017-01-06T15:09:26.503
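
The first workaround in grin's answer above (a fake address such as 192.168.1.99, a static ARP entry carrying the second router's MAC, and a host route out of bce0), written as a dry-run planner. This is an added example, not part of the original answer or thread. The function names, the command order and the MAC value are assumptions, and whether FreeBSD binds the static ARP entry to bce0 (and whether the router answers frames addressed to a foreign IP) is untested, as the answer itself notes.

```shell
#!/bin/sh
# Added example: prints the FreeBSD commands for the "fake IP" workaround.
# Nothing is changed unless the printed commands are run as root.

LAN_PREFIX="192.168.1"   # subnet from the question
IN_USE="1 5 8"           # host parts taken: .1 (both routers), .5 (bce0), .8 (bce1)

# valid_mac MAC -> 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_fake_ip IP -> 0 if IP is an unused host address inside the LAN /24
valid_fake_ip() {
    case "$1" in
        "$LAN_PREFIX".*) host=${1#"$LAN_PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$host" in ''|*[!0-9]*) return 1 ;; esac
    [ "$host" -ge 2 ] && [ "$host" -le 254 ] || return 1
    for used in $IN_USE; do
        [ "$host" -eq "$used" ] && return 1
    done
    return 0
}

# plan_fake_ip FAKE_IP ROUTER_MAC IFACE -> prints the commands, or fails
plan_fake_ip() {
    valid_fake_ip "$1" || { echo "bad or in-use address: $1" >&2; return 1; }
    valid_mac "$2"     || { echo "bad MAC address: $2" >&2; return 1; }
    # Host route first, so the fake address is reached via the second interface
    # while 192.168.1.0/24 (and the default route) stay on bce1.
    echo "route add -host $1 -iface $3"
    # Then the permanent ARP entry mapping the fake IP to the router's MAC.
    echo "arp -s $1 $2"
}

# Usage (the MAC is a constructed placeholder; use the second router's real one):
#   plan_fake_ip 192.168.1.99 02:00:00:aa:bb:cc bce0 | sh
```

To undo the change afterwards, `arp -d 192.168.1.99` and `route delete -host 192.168.1.99` remove the two entries.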