Hello, probably it's my bad knowledge of networks, so I'm asking for help
I have 2 NICs in my home server connected to different VLANs of a Cisco ASA.
Code:
ifconfig_em0="inet 10.0.1.2 netmask 255.255.255.0 up"
ifconfig_em0_alias0="inet 10.0.1.3 netmask 255.255.255.255" # zoneminder
ifconfig_em2="inet 10.0.4.1 netmask 255.255.255.0 up"
ifconfig_em2_alias0="inet 10.0.4.2 netmask 255.255.255.255"
defaultrouter="10.0.1.222"
em0 is connected to the inside VLAN on the Cisco, GW 10.0.1.222.
em2 is connected to the server VLAN, GW 10.0.4.222.
The inside interface routes everything to the VPN; for the server interface I want direct connections.
The problem is that FreeBSD sends the traffic through em0. Cisco confirms this: the firewall gets 10.0.4.0/24 traffic on its inside interface.
Here is how I test:
1. Start a jail, assign em2|10.0.4.2 to it.
2. Run
tcpdump -i em2 src 10.0.4.2
and
tcpdump -i em0 src 10.0.4.2
on the host.
Tests in the jail:
1.
host cnn.com 10.0.4.222
goes through em2 - GOOD
11:55:28.986996 IP 10.0.4.2.28678 > 10.0.4.222.domain: 9593+ A? cnn.com. (25)
2.
host cnn.com 8.8.8.8
GOES THROUGH em0. WHY ?
Code:
tcpdump -i em0 src 10.0.4.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:57:34.575201 IP 10.0.4.2.35193 > google-public-dns-a.google.com.domain: 6872+ A? cnn.com. (25)
I want traffic from the servers to flow strictly through its own interface.
Code:
Internet:
Destination        Gateway        Flags   Netif  Expire
default            10.0.1.222     UGS     em0
10.0.1.0/24        link#1         U       em0
10.0.1.2           link#1         UHS     lo0
10.0.1.3           link#1         UHS     lo0
10.0.1.3/32        link#1         U       em0
10.0.1.4           link#1         UHS     lo0
10.0.1.4/32        link#1         U       em0
10.0.1.5           link#1         UHS     lo0
10.0.1.5/32        link#1         U       em0
10.0.1.6           link#1         UHS     lo0
10.0.1.6/32        link#1         U       em0
10.0.1.7           link#1         UHS     lo0
10.0.1.7/32        link#1         U       em0
10.0.1.9           link#1         UHS     lo0
10.0.1.9/32        link#1         U       em0
10.0.1.11          link#1         UHS     lo0
10.0.1.11/32       link#1         U       em0
10.0.1.14          link#1         UHS     lo0
10.0.1.14/32       link#1         U       em0
10.0.4.0/24        link#3         U       em2
10.0.4.1           link#3         UHS     lo0
10.0.4.2           link#3         UHS     lo0
10.0.4.2/32        link#3         U       em2
localhost          link#5         UH      lo0
192.168.1.0/24     link#2         U       em1
192.168.1.1        link#2         UHS     lo0
192.168.1.2        link#2         UHS     lo0
192.168.1.2/32     link#2         U       em1
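An added example (not from the post) that models the kernel's route lookup on an excerpt of the table above, to show why the jail's query to 8.8.8.8 leaves via em0: the lookup is by destination only, so the source address 10.0.4.2 never enters into the decision and the only match for 8.8.8.8 is the default route on em0. The second table, FIB1, is an assumption, not something on the page: a separate routing table whose default route points at 10.0.4.222, which is what FreeBSD's multiple FIBs (the net.fibs tunable, setfib(1) and the exec.fib jail parameter) make possible.

```python
import ipaddress

# Constructed excerpt of the poster's netstat -rn table (FIB 0, the table the jail uses now).
FIB0 = """
default      10.0.1.222  UGS  em0
10.0.1.0/24  link#1      U    em0
10.0.4.0/24  link#3      U    em2
10.0.4.2     link#3      UHS  lo0
"""

# Hypothetical second FIB for the jail (assumption, not on the page): the same
# connected 10.0.4.0/24 route, but a default route via the server VLAN gateway.
FIB1 = """
default      10.0.4.222  UGS  em2
10.0.4.0/24  link#3      U    em2
10.0.4.2     link#3      UHS  lo0
"""

def parse_routes(table):
    """Turn netstat-style lines into (network, gateway, flags, netif) tuples."""
    routes = []
    for line in table.strip().splitlines():
        dest, gateway, flags, netif = line.split()
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # Host entries such as 10.0.4.2 carry no prefix length and are /32.
            net = ipaddress.ip_network(dest, strict=False)
        routes.append((net, gateway, flags, netif))
    return routes

def lookup(routes, dst, src=None):
    """Longest-prefix match as the kernel does it; src is accepted only to show it is ignored."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, flags, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, flags, netif)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, gateway, flags, netif = best
    # Without the G flag the destination is on-link and is its own next hop.
    next_hop = gateway if "G" in flags else dst
    return netif, next_hop

if __name__ == "__main__":
    fib0, fib1 = parse_routes(FIB0), parse_routes(FIB1)
    print(lookup(fib0, "10.0.4.222", src="10.0.4.2"))  # ('em2', '10.0.4.222')
    print(lookup(fib0, "8.8.8.8", src="10.0.4.2"))     # ('em0', '10.0.1.222')
    print(lookup(fib1, "8.8.8.8", src="10.0.4.2"))     # ('em2', '10.0.4.222')
```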