unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OpenBSD-5.7)
Page:
Section:
Apropos / Subsearch:
optional field

RDOMAIN(4)               BSD Kernel Interfaces Manual               RDOMAIN(4)

NAME
     rtable, rdomain -- routing tables and routing domains

DESCRIPTION
     The traditional kernel routing system had a single table for routes and
     allowed only non-conflicting IP address assignments.  The rtable feature
     allows multiple lookup tables for routes.  The rdomain feature makes it
     possible to assign the same IP address to more than one interface.

   Routing tables
     Each rtable contains routes for outbound network packets.  A routing
     domain can contain more than one rtable.  Within a domain, IP addresses
     used for different interfaces cannot overlap.  Multiple routing tables
     are commonly used for Policy Based Routing.

   Routing domains
     Each rdomain is a completely separate address space in the kernel.  An IP
     address (e.g. 10.0.0.1/16) can be assigned in more than one rdomain, but
     cannot be assigned more than once per rdomain.  An interface belongs to
     one and only one rdomain.  The interface's rdomain determines which rdo-
     main an incoming packet will be in.  Virtual interfaces do not need to
     belong to the same rdomain as the parent.  Each rdomain contains at least
     one routing table.

     Network traffic within an rdomain stays within the current routing
     domain.  pf(4) is used to move traffic from one rdomain to a different
     rdomain.

EXAMPLES
     Set up em0 and lo4 onto rdomain 4:

           # ifconfig em0 rdomain 4
           # ifconfig lo4 rdomain 4
           # ifconfig lo4 inet 127.0.0.1/8
           # ifconfig em0 192.0.2.100/24

     Set a default route and localhost reject route within rdomain 4:

           # route -T4 -qn add -net 127 127.0.0.1 -reject
           # route -T4 -n add default 192.0.2.1

     Start an sshd in rdomain 4:

           # route -T4 exec /usr/sbin/sshd

     pf.conf snippet to block incoming port 80, and nat-to and move to rtable
     0 on interface em1:

           block in on rdomain 4 proto tcp to any port 80
           match out on rdomain 4 to !$internal_net nat-to (em1) rtable 0

SEE ALSO
     route(4), pf.conf(5), ifconfig(8), route(8)

HISTORY
     OpenBSD support for rdomains first appeared in OpenBSD 4.9 and IPv6 sup-
     port first appeared in OpenBSD 5.5.

BSD                             March 28, 2017                             BSD