.\" $OpenBSD: rdomain.4,v 1.7 2015/02/06 03:10:43 phessler Exp $
.\"
.\" Copyright (c) 2015 Peter Hessler <phessler@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: February 6 2015 $
.Dt RDOMAIN 4
.Os
.Sh NAME
.Nm rtable ,
.Nm rdomain
.Nd routing tables and routing domains
.Sh DESCRIPTION
The traditional kernel routing system had a single table for routes and
allowed only non-conflicting IP address assignments.
The
.Nm rtable
feature allows multiple lookup tables for routes.
The
.Nm rdomain
feature makes it possible to assign the same IP address to more than one
interface.
.Ss Routing tables
Each
.Nm rtable
contains routes for outbound network packets.
A routing domain can contain more than one
.Nm rtable .
Within a domain, IP addresses used for different interfaces cannot overlap.
Multiple routing tables are commonly used for Policy Based Routing.
.Ss Routing domains
Each
.Nm rdomain
is a completely separate address space in the kernel.
An IP address (e.g. 10.0.0.1/16) can be assigned in more than one
.Nm rdomain ,
but
cannot be assigned more than once per
.Nm rdomain .
An interface belongs to one and only one
.Nm rdomain .
The interface's
.Nm rdomain
determines which rdomain an incoming packet will
be in.
Virtual interfaces do not need to belong to the same
.Nm rdomain
as the parent.
Each
.Nm rdomain
contains at least one routing table.
.Pp
Network traffic within an
.Nm rdomain
stays within the current routing domain.
.Xr pf 4
is used to move traffic from one
.Nm rdomain
to a different
.Nm rdomain .
.Sh EXAMPLES
Set up em0 and lo4 onto rdomain 4:
.Bd -literal -offset indent
# ifconfig em0 rdomain 4
# ifconfig lo4 rdomain 4
# ifconfig lo4 inet 127.0.0.1/8
# ifconfig em0 192.0.2.100/24
.Ed
.Pp
Set a default route and localhost reject route within rdomain 4:
.Bd -literal -offset indent
# route -T4 -qn add -net 127 127.0.0.1 -reject
# route -T4 -n add default 192.0.2.1
.Ed
.Pp
Start an sshd in rdomain 4:
.Pp
.Dl # route -T4 exec /usr/sbin/sshd
.Pp
pf.conf snippet to block incoming port 80, and nat-to and move to rtable 0
on interface em1:
.Bd -literal -offset indent
block in on rdomain 4 proto tcp to any port 80
match out on rdomain 4 to !$internal_net nat-to (em1) rtable 0
.Ed
.Sh SEE ALSO
.Xr route 4 ,
.Xr pf.conf 5 ,
.Xr ifconfig 8 ,
.Xr route 8
.Sh HISTORY
.Ox
support for
.\" XXX - rdomains, not 'rtable'
.\" .Nm
rdomains
first appeared in
.Ox 4.9
and IPv6 support first appeared in
.Ox 5.5 .