SUMMARY: Can Solaris do source routing like Linux with advanced routing?

From: Juri Haberland <>
Date: Wed May 22 2002 - 08:10:05 EDT
Whoops, sorry, I just discovered that I forgot to send this summary before
I went on holidays...

So here we go. My question was:

> I'm looking for a possebility to do 'source routing'. What I mean with it is
> that I want to be able to route based on the source, not the destination
> address. Think of the following:
> A box with two interfaces, each has an IP address in a different subnet
> and clients from the internet connect through both interfaces. Now I 
> want to route the 'answers' back through the corresponding interface where
> the 'question' came in. So I will need two default routes, but with this
> Solaris does a kind of round robing.
> With Linux I can use the advanced routing feature and can set up different
> routing tables and assign traffic to these tables based on e.g. the source
> address.

I received three answers:
- Giles Gamon send a link to a commercial tool called DefaultRouter.

- Buddy Lumpkin suggested to set ip_enable_group_ifs=0, but this is the
default now and if I understand it correctly it is just for alias interfaces
and not different interfaces. I tried it anyway (also setting it to '1')
but it didn't work.

- Casper Dik wrote:
> ipfilter actually does allow you to route deliberately using the source
> address; I have two internet connections at home and use that feature
> with the two rules at the start of my ipf.conf:
> pass out quick on qe0 to qe1:<qe1-router> from <qe1-address> to any
> pass out quick on qe1 to qe0:<qe0-router> from <qe0-address> to any
> I have two interfaces here, qe0 and qe1; in the first rule, when a packet
> is seen "on qe0" with the wrong address (from <qe*1*-address>), I send it
> "to qe1" but make sure to direct the packet at "qe1-router" (the
> default route for the qe1 interface).
> And the second rules send packets that should hav ebeen from qe0 but
> appear to be on qe1 back to qe0's default route.

I tried this one (man, compiling IPFilter was not the easiest task), and 
had partial success. When trying to connect to the second interface a
already established connection to the first interface would stall, but
the packets actually went out on the second interface.

Hmm, as it wasn't urgent and I didn't have a test box at that time I stopped
trying and decided to retry it if the test box gets available again.

Thanks everyone,

Juri Haberland  <> 
sunmanagers mailing list
Received on Wed May 22 08:16:29 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:43 EST