Date:      Wed, 25 Jul 2007 16:16:55 -0700
From:      Christopher Cowart <ccowart@rescomp.berkeley.edu>
To:        Narek Gharibyan <ngharibyan@mail.ru>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Policy Based Routing problem help me
Message-ID:  <20070725231655.GT25792@rescomp.berkeley.edu>
In-Reply-To: <012001c7cefa$13ea3350$180ca8c0@arm.synisys.com>
References:  <012001c7cefa$13ea3350$180ca8c0@arm.synisys.com>

On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
> I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connections
> and 2 LAN connections. I need to do policy-based routing. All I need is that
> packets coming from one ISP interface return to that interface (incoming
> connections' source based routing) and on the other hand to do IP based routing
> from the LAN (Some packets will go out via ISP 1, some others via ISP 2
> depending on IPs requested). I tried to do that with ipfw fwd but it didn't
> work any way (e.g. with ip.forwarding enabled or not). I've even disabled my
> static routes, default gw. It just does nothing. Sample configs are
>
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}
>
> Ipfw add fwd ISP_gw from any to any via ${eif} out
>
> I don't use nat, proxy. Just need to route.

Have you compiled your kernel with the following options?
|  options IPFIREWALL_FORWARD
|  options IPFIREWALL_FORWARD_EXTENDED

I found that this kind of forwarding silently failed until I enabled the
EXTENDED option in addition to the typical option.

`man ipfw' briefly mentions these two kernel options in the fwd section.

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
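
A way to check a kernel configuration file for the two options named in the reply above, as an added example that is not part of the original message. The function names and the sample config contents are constructed for illustration, and the file checked must be the one the running kernel was actually built from.

```shell
#!/bin/sh
# Added example: list which of the kernel options named in the reply are
# absent from a kernel configuration file (one "options NAME" per line).
REQUIRED_OPTS="IPFIREWALL_FORWARD IPFIREWALL_FORWARD_EXTENDED"

# Print every option enabled by an "options" line, one name per line.
# "#" comments and any "=value" suffix are stripped first.
enabled_options() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "options" { sub(/=.*/, "", $2); print $2 }'
}

# Print the required options missing from config file $1.
# Returns 0 if none are missing, 1 if some are, 2 if the file is unreadable.
missing_fwd_options() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    enabled=$(enabled_options "$1")
    missing=""
    for opt in $REQUIRED_OPTS; do
        # -F -x: exact whole-line match, so IPFIREWALL_FORWARD_EXTENDED
        # alone does not count as IPFIREWALL_FORWARD.
        printf '%s\n' "$enabled" | grep -Fqx "$opt" || missing="$missing $opt"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# Constructed sample config: the EXTENDED option is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ident   SAMPLE
options IPFIREWALL_FORWARD            # enable ipfw "fwd" rules
#options IPFIREWALL_FORWARD_EXTENDED
EOF
if ! missing_fwd_options "$sample"; then
    echo "^ missing from $sample; add and rebuild the kernel"
fi
rm -f "$sample"
```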
