acda

Q: multiple routing tables and/or policy routing

Hey all,

I'm trying to configure a Mac Mini (10.8) for multiple routing tables and policy routing.  This server runs Ostinato, a freeware traffic generator.  My purpose is to generate traffic on multiple VLANs towards different gateways and different destinations.  To that end, I have VLAN tagged the (only) Ethernet port and configured 5 VLANs on it.  The first one has the default route (I manage this Mac over this VLAN).  The other four have IP addresses in the test range I'm using. 


The goal is to have traffic sourced from IP-address-X go out vlanX towards gateway-X.  Its counterpart on the far end runs Linux and I have configured it in this way:

ip route add default via <gateway-X> dev ethX table X
ip rule add from <network-X> table X priority X

Researching on OpenBSD forums (since it's the base of MacOS X) provided this:

route -T X add 0.0.0.0/0 -iface <gateway-X>
echo pass in from <network-X> to 0.0.0.0/0 rtable X | pfctl -mf -

However, the Mountain Lion "route" command does not support the -T option, so that killed that idea.  Another forum suggested that this would have worked on 10.4:

ipfw add X fwd <gateway-X> ip from <IP-address-X> to any

I tried this on 10.8 though the man page says it's deprecated, and (surprise, surprise) it did not work.

Any ideas to get this working appreciated!

Thanks,

Aaron

Mac mini Server (Mid 2011), OS X Mountain Lion (10.8.3)

Posted on May 20, 2013 4:49 PM
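The Linux half of the setup described in the post above (`ip route ... table X` plus `ip rule ... from <network-X> table X priority X`), modelled as an added example that is not part of the original post. The addresses, table numbers and the interface names `eth0.101`/`eth0.102` are constructed sample values, and the built-in `local` rule at priority 0 is left out.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the post.
# Each table holds (destination prefix, gateway, device) entries, as created by
# `ip route add default via <gateway-X> dev ethX table X`.
TABLES = {
    "main": [("0.0.0.0/0", "192.0.2.1", "eth0")],         # management default route
    "101": [("0.0.0.0/0", "198.51.100.1", "eth0.101")],   # test VLAN 101
    "102": [("0.0.0.0/0", "203.0.113.1", "eth0.102")],    # test VLAN 102
}

# (priority, source prefix, table), as created by
# `ip rule add from <network-X> table X priority X`.
RULES = [
    (101, "198.51.100.0/24", "101"),
    (102, "203.0.113.0/24", "102"),
    (32766, "0.0.0.0/0", "main"),  # built-in rule that consults the main table
]


def lookup(src, dst, rules=RULES, tables=TABLES):
    """Resolve (table, gateway, device) the way the Linux rule database does:
    walk rules in ascending priority, and in the first matching rule whose
    table has a route to dst, take the longest-prefix match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, prefix, table in sorted(rules):
        if s not in ipaddress.ip_network(prefix):
            continue  # rule selector does not match this source address
        matches = [
            (ipaddress.ip_network(p), gw, dev)
            for p, gw, dev in tables.get(table, [])
            if d in ipaddress.ip_network(p)
        ]
        if matches:
            _, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
            return table, gw, dev
        # No route in this table: fall through to the next rule.
    return None


if __name__ == "__main__":
    for src in ("198.51.100.10", "203.0.113.10", "192.0.2.5"):
        print(src, "->", lookup(src, "198.18.0.1"))
```

A per-VLAN rule only takes effect if its priority number is lower than 32766; otherwise the main table's default route answers first and all test traffic leaves via the management gateway.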


  • by 空気読めない, Aug 13, 2014 11:57 AM in response to acda

    Still doesn't have it in 10.9.4.

    irene:~ cschwartz$ sudo bash
    bash-3.2# route -T add
    route: illegal option -- T
    usage: route [-dnqtv] command [[modifiers] args]

    I'm guessing you want policy-based routing due to VLANs...? If you can get a USB-to-Ethernet adapter, then maybe you can work around this by using multiple physical links instead of VLAN tagging. But if you need source-based routing etc. then no.