Ano-Tech Computers

FreeBSD: Asymmetric routing does not work
Problem:
While moving an enterprise network from one ISP to another we needed to temporarily route all outgoing traffic for both address spaces over the same ISP link.

[Diagram: Firewall, Router, ISP1, ISP2]

Outbound traffic for both ISPs was routed towards ISP2. Incoming traffic bound for ISP1 addresses entered the Router but did not get forwarded to the Firewall as expected.
 
Solution:
The interfaces were defined as follows:

interface fxp0 allow in verrevpath

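The "verrevpath" keyword effectively makes asymmetric routing impossible: for each incoming packet it looks up the packet's source address in the routing table, and the rule matches only if the route back to that source leaves through the same interface the packet arrived on.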

Simply removing the "verrevpath" keyword solved the problem.

Note that reverse path verification is commonly used to prevent some forms of IP spoofing, so do not remove it unless you really need asymmetric routing.
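The behaviour described above can be reproduced with a small model of the reverse path check. This is an added example, not part of the original article. The interface roles (fxp0 towards ISP1, fxp1 towards ISP2, fxp2 towards the Firewall), the prefixes, the rule being present on both ISP-facing interfaces and the deny on non-match are all assumptions.

```python
import ipaddress

# Constructed example. Assumed roles: fxp0 faces ISP1, fxp1 faces ISP2,
# fxp2 faces the Firewall. Prefixes are RFC 5737 documentation ranges.
INSIDE = [("192.0.2.0/24", "fxp2"),      # ISP1 address space
          ("198.51.100.0/24", "fxp2")]   # ISP2 address space
BEFORE = [("0.0.0.0/0", "fxp0")] + INSIDE  # default route via ISP1
DURING = [("0.0.0.0/0", "fxp1")] + INSIDE  # migration: default via ISP2


def route_lookup(addr, routes):
    """Longest-prefix match; return the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p).prefixlen, ifc)
            for p, ifc in routes if ip in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None


def verrevpath(src, recv_if, routes):
    """Match only if the route back to src leaves via the receiving interface."""
    return route_lookup(src, routes) == recv_if


def filter_in(src, recv_if, routes, guarded=("fxp0", "fxp1")):
    """'allow in verrevpath' on guarded interfaces; assumes no later rule
    allows the packet, so a non-match ends in deny."""
    if recv_if not in guarded:
        return "allow"
    return "allow" if verrevpath(src, recv_if, routes) else "deny"


def scenarios():
    client = "203.0.113.7"   # constructed Internet host
    return {
        "before, client in via ISP1": filter_in(client, "fxp0", BEFORE),
        "during, client in via ISP1": filter_in(client, "fxp0", DURING),
        "during, client in via ISP2": filter_in(client, "fxp1", DURING),
        # Outside packet claiming an inside source: what the check is for.
        "during, spoofed inside src via ISP2": filter_in("192.0.2.10", "fxp1", DURING),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{verdict:5}  {name}")
```

The second scenario is the failure in the article: the route back to the client now points at ISP2, so the packet arriving from ISP1 no longer matches the rule.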

 