Wednesday, February 16, 2011

Add interface specific route

In Solaris, you can add a route whose traffic should go out a specific interface by adding -ifp [ifname] to the route command line. For instance, suppose a host has two interfaces (eri0 and hme0) on the same IP subnet (10.4.2.9/24 with gateway 10.4.2.254), and traffic for just a few hosts needs to go out the secondary hme0 interface. One reason you might need this setup is to monitor both some firewalls and the apps those firewalls protect from a single network management station. On the firewalls you would add host-specific routes for the network management station’s secondary interface via the firewall management network, allowing that interface to talk directly to the firewalls. The primary interface of the network management station is still routed normally, so it can talk to the hosts protected by the same firewalls.


The following commands make this happen:

# route add -host 172.29.4.3 10.4.2.254 -ifp hme0

add host 172.29.4.3: gateway 10.4.2.254

# route add -host 172.29.4.4 10.4.2.254 -ifp hme0

add host 172.29.4.4: gateway 10.4.2.254

# route add -host 172.29.7.31 10.4.2.254 -ifp hme0

add host 172.29.7.31: gateway 10.4.2.254

# route add -host 172.29.7.32 10.4.2.254 -ifp hme0

add host 172.29.7.32: gateway 10.4.2.254

Now all traffic for the four hosts above will go out hme0 instead of eri0.
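One way to confirm that each monitored host really is pinned to hme0 is to check the routing table for a host route (H flag) on that interface. The script below is an added example, not part of the original post: check_ifp_routes and sample_netstat are hypothetical names, the routing table is constructed sample data, and the column layout is assumed to match netstat -rn output (destination, gateway, flags, ref, use, interface).

```sh
#!/bin/sh
# Added example: verify that host routes leave via the intended interface.
# On a live host, feed it real output: netstat -rn | check_ifp_routes hme0 HOST...

# check_ifp_routes IFACE HOST...
# Reads a routing table on stdin and prints one status line per host.
# Returns 1 if any host lacks a host route (H flag) bound to IFACE.
check_ifp_routes() {
    want_if=$1; shift
    awk -v want="$want_if" -v hosts="$*" '
        BEGIN { n = split(hosts, h, " ") }
        # Data rows with the H flag; a row with no interface column
        # is recorded as "none", meaning the route is not pinned.
        NF >= 5 && $3 ~ /H/ { via[$1] = (NF >= 6) ? $6 : "none" }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (!(h[i] in via)) {
                    status = "missing"; bad = 1    # falls back to default route
                } else if (via[h[i]] != want) {
                    status = "wrong-if:" via[h[i]]; bad = 1
                } else {
                    status = "ok"
                }
                print h[i], status
            }
            exit bad
        }'
}

# Constructed sample table: one host route is on eri0 and one is absent.
sample_netstat() {
cat <<'EOF'
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.4.2.254           UG        1        512 eri0
10.4.2.0             10.4.2.9             U         1         40 eri0
172.29.4.3           10.4.2.254           UGH       1          3 hme0
172.29.4.4           10.4.2.254           UGH       1          0 hme0
172.29.7.31          10.4.2.254           UGH       1          0 eri0
127.0.0.1            127.0.0.1            UH        2         12 lo0
EOF
}

sample_netstat | check_ifp_routes hme0 172.29.4.3 172.29.4.4 172.29.7.31 172.29.7.32 \
    || echo "some hosts are not pinned to hme0" >&2
```

A host reported as missing has no host route at all, so its traffic follows the default route out the primary interface.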

This trick is actually buried in a tiny section of the route(1M) man page that is worded such that my tiny brain didn’t get it. I’m not even sure what ifp stands for. The obvious candidate, the -iface or -interface flag, can’t be right because it requires the use of proxy ARP.
