Date:      Tue, 30 Nov 2004 05:18:54 -0600
From:      "James R. Van Artsalen" <james@jrv.org>
To:        freebsd-ipfw@freebsd.org
Subject:   FreeBSD 5.3 routing IPFW FWD'd packets?
Message-ID:  <41AC571E.2020503@jrv.org>

FreeBSD 5.3 may send IPFW FWD forwarded packets to a destination other 
than the one specified in the FWD action.  FreeBSD 5.2.1 works as expected.

I have two WAN links but only one local Ethernet.  The system has an IP 
alias.  Each application can decide which WAN link to use by using one 
or the other IP address.  In 5.2.1 and earlier I used IPFW to send 
packets sourced on the IP alias address to the second WAN router.

The system IP address is 192.168.3.155/8 and the IP alias is 
192.168.254.155/8.  One WAN gateway is the default route and is at 
192.168.3.145 and the other WAN gateway is at 192.168.254.145.

To use the main WAN one just opens a socket as usual, which gets a 
source address of 192.168.3.155.  To use the second WAN the socket is 
opened with the source address set to 192.168.254.155.

The following IPFW rules state that a direct access to 192.168.254/8 
proceeds unmolested, but any packet sourced on the IP alias address of 
192.168.254.155 and not to 192.168.254/8 is forwarded to the second WAN 
gateway at 192.168.254.145 (which will send it to the Internet).

${fwcmd} add 64000 allow ip from any to 192.168.254.0/24
${fwcmd} add 64005 fwd 192.168.254.145 log ip from 192.168.254.155 to any

With FreeBSD 5.2.1 when rule 64005 matches the packet goes to 
192.168.254.145 as the FWD specifies.  But with FreeBSD 5.3 the logs on 
the gateways show that the packet goes to 192.168.3.145, the system 
default gateway, instead of 192.168.254.145 as specified.  The syslog 
shows the packets are in fact matching rule 64005.

Packets sent to the directly reachable net 192.168.254/8 (rule 64000) 
seem to work.  Is it possible that packets are somehow being routed 
after being FWD'd by IPFW?
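
One way to check the next hop independently of the gateway logs, as an added example that is not part of the original message: the script reads `tcpdump -e -n` style lines and counts off-link frames sourced on the alias address by the destination MAC they left with. The MAC addresses, the sample capture and the function names are constructed for illustration, and the on-link test assumes a /24 expressed as a string prefix.

```shell
#!/bin/sh
# Added example, not from the original message. MAC addresses are constructed.
# Reads `tcpdump -e -n` style lines on stdin and counts frames that the fwd
# rule should have sent to the second gateway, judged by destination MAC.
#   $1 = alias source IP   $2 = on-link prefix (string match, /24 assumed)
#   $3 = MAC of the gateway named in the fwd rule
check_fwd_nexthop() {
    awk -v src="$1" -v net="$2" -v gw="$3" '
    # Strip a trailing ":" and an optional ".port" from an address token.
    function addr(s,    p) {
        sub(/:$/, "", s)
        split(s, p, ".")
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    $6 == "IPv4" {
        s = addr($10); d = addr($12)
        if (s != src) next              # not sourced on the alias address
        if (index(d, net) == 1) next    # on-link destination (rule 64000), no fwd
        mac = tolower($4); sub(/,$/, "", mac)
        if (mac == tolower(gw)) ok++
        else { wrong++; print "to " d " left via " mac | "cat 1>&2" }
    }
    END { printf "ok=%d wrong=%d\n", ok, wrong }'
}

# Constructed capture: MAC ...:91 stands for 192.168.254.145, ...:03 for 192.168.3.145.
sample_capture() {
    cat <<'EOF'
05:18:54.100000 02:00:00:00:00:55 > 02:00:00:00:00:91, ethertype IPv4 (0x0800), length 74: 192.168.254.155.49152 > 203.0.113.10.80: Flags [S], seq 1, win 65535, length 0
05:18:54.200000 02:00:00:00:00:55 > 02:00:00:00:00:03, ethertype IPv4 (0x0800), length 74: 192.168.254.155.49153 > 203.0.113.10.80: Flags [S], seq 1, win 65535, length 0
05:18:54.300000 02:00:00:00:00:55 > 02:00:00:00:00:14, ethertype IPv4 (0x0800), length 98: 192.168.254.155 > 192.168.254.20: ICMP echo request, id 1, seq 1, length 64
05:18:54.400000 02:00:00:00:00:55 > 02:00:00:00:00:03, ethertype IPv4 (0x0800), length 74: 192.168.3.155.49154 > 203.0.113.10.80: Flags [S], seq 1, win 65535, length 0
EOF
}

sample_capture | check_fwd_nexthop 192.168.254.155 192.168.254. 02:00:00:00:00:91
```

On a live system the input would come from `tcpdump -e -n` on the Ethernet interface, with the real gateway MAC taken from the ARP table.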



