From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 23 11:08:23 2007
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 23 Jul 2007 11:08:22 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/51274   ipfw   [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/73910   ipfw   [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw   [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw   [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw   [ipfw] ipfw pipe lost packets
o kern/95084   ipfw   [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw   [ipfw] IPFW Rules bug
o kern/97951   ipfw   [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw   [ipfw] ipfw has UDP hickups
o kern/102471  ipfw   [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw   [ipfw] [patch] add a facility to modify DF bit of the
o kern/106534  ipfw   [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw   ipfw is seems to be broken to limit number of connecti

13 problems total.

Non-critical problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
a kern/26534   ipfw   [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw   [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw   [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw   [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw   [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw   [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw   [ipfw] install_state warning about already existing en
o kern/71366   ipfw   [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw   [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw   [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw   [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw   [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw   [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw   [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw   [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw   [ipfw] sugestions about ipfw table
o kern/104682  ipfw   [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw   [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw   [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw   [ipfw] ipfw fwd doesn't seem to work
o kern/111713  ipfw   [dummynet] Too few dummynet queue slots
o kern/112561  ipfw   [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw   [ipfw][patch] Addition actions with rules within speci

24 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jul 25 22:50:23 2007
From: "Narek Gharibyan"
Date: Thu, 26 Jul 2007 01:26:17 +0500
Subject: Policy Based Routing problem help me

Hi all,

I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP
connections and 2 LAN connections. I need to do policy-based routing.
All I need is that packets coming from one ISP interface return to that
interface (incoming connections' source-based routing) and, on the other
hand, to do IP-based routing from the LAN (some packets will go out via
ISP 1, some others via ISP 2, depending on the IPs requested). I tried to
do that with ipfw fwd but it didn't work in any way (e.g. with
ip.forwarding enabled or not). I've even disabled my static routes,
default gw. It just does nothing.

Sample configs are:

ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
ipfw add fwd ISP_gw from any to any xmit ${eif}

ipfw add fwd ISP_gw from any to any via ${eif} out

I don't use nat, proxy. Just need to route.

Please help

Regards,
Narek

From owner-freebsd-ipfw@FreeBSD.ORG Thu Jul 26 13:14:13 2007
From: "Narek Gharibyan"
Date: Thu, 26 Jul 2007 18:14:04 +0500
Subject: Policy - based Routing problem Need help

Hi all,

I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP
connections and 2 LAN connections. I need to do policy-based routing.
All I need is that packets coming from one ISP interface return to that
interface (incoming connections' source-based routing) and, on the other
hand, to do IP-based routing from the LAN (some packets will go out via
ISP 1, some others via ISP 2, depending on the IPs requested). I tried to
do that with ipfw fwd but it didn't work in any way (e.g. with
ip.forwarding enabled or not). I've even disabled my static routes,
default gw. It just does nothing.

Sample configs are:

ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
ipfw add fwd ISP_gw from any to any xmit ${eif}

ipfw add fwd ISP_gw from any to any via ${eif} out

I don't use nat, proxy. Just need to route.

Please help

Regards,
Narek

From owner-freebsd-ipfw@FreeBSD.ORG Thu Jul 26 15:16:58 2007
From: Julian Elischer
To: Narek Gharibyan
Cc: freebsd-ipfw@freebsd.org
Date: Thu, 26 Jul 2007 08:07:08 -0700
Subject: Re: Policy - based Routing problem Need help

Narek Gharibyan wrote:
> Hi all,
>
> I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP
> connections and 2 LAN connections. I need to do policy-based routing.
> All I need is that packets coming from one ISP interface return to that
> interface (incoming connections' source-based routing) and, on the
> other hand, to do IP-based routing from the LAN (some packets will go
> out via ISP 1, some others via ISP 2, depending on the IPs requested).
> I tried to do that with ipfw fwd but it didn't work in any way (e.g.
> with ip.forwarding enabled or not). I've even disabled my static
> routes, default gw. It just does nothing. Sample configs are:
>
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}
>
> ipfw add fwd ISP_gw from any to any via ${eif} out
>
> I don't use nat, proxy. Just need to route.

Not using nat is a problem, because packets from the internet
will all want to come back to you on only one of the interfaces.

Usually what is done is to nat on both interfaces, and use BGP or
something to decide which interface is the most efficient for the
packet to go out on. The return packet will come back the same way
due to the NATing.

>
> Please help
>
> Regards,
> Narek

From owner-freebsd-ipfw@FreeBSD.ORG Sat Jul 28 07:15:26 2007
From: Julian Elischer
To: Narek Gharibyan
Cc: freebsd-ipfw@freebsd.org
Date: Sat, 28 Jul 2007 00:16:03 -0700
Subject: Re: Policy - based Routing problem Need help

Narek Gharibyan wrote:
> Hi all,
>
> I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP
> connections and 2 LAN connections. I need to do policy-based routing.
> All I need is that packets coming from one ISP interface return to that
> interface (incoming connections' source-based routing) and, on the
> other hand, to do IP-based routing from the LAN (some packets will go
> out via ISP 1, some others via ISP 2, depending on the IPs requested).
> I tried to do that with ipfw fwd but it didn't work in any way (e.g.
> with ip.forwarding enabled or not). I've even disabled my static
> routes, default gw. It just does nothing. Sample configs are:
>
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}

I believe you want to route INCOMING sessions, right?
What is the topology of the rest of your network?

>
> ipfw add fwd ISP_gw from any to any via ${eif} out
>
> I don't use nat, proxy. Just need to route.
>
> Please help
>
> Regards,
> Narek
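
Added example, not written by either poster in this thread: a dry-run script that prints one `ipfw fwd` rule per uplink, so that packets sourced from an uplink's address block leave through that uplink's gateway, which is the "return the way it came in" behaviour the question asks for. The address blocks, gateways and rule numbers are constructed placeholders, and it assumes each ISP has its own source block and a FreeBSD 6.x kernel built with `options IPFIREWALL_FORWARD`, which `fwd` requires there.

```shell
#!/bin/sh
# Added example: print (never install) ipfw "fwd" rules for source-based
# policy routing. All addresses are constructed placeholders taken from the
# RFC 5737 documentation ranges; replace them before using the output.

LAN_NET="192.0.2.0/24"
# One entry per uplink: "<source block>,<next-hop gateway>"
UPLINKS="198.51.100.0/28,198.51.100.1 203.0.113.0/28,203.0.113.1"

# Shape check only: dotted quad with an optional /0-32 prefix length.
valid_addr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Emit the rules on stdout; return 1 on the first malformed uplink entry.
pbr_rules() {
    num=1000
    for entry in $UPLINKS; do
        case $entry in
            *,*) src=${entry%%,*}; gw=${entry#*,} ;;
            *)   src=; gw= ;;
        esac
        # Appending /32 makes a gateway that already carries a prefix fail.
        if ! valid_addr "$src" || ! valid_addr "$gw/32"; then
            echo "bad uplink entry: $entry" >&2
            return 1
        fi
        # "ip" is the protocol keyword that precedes "from"; "out" restricts
        # the match to outbound packets; traffic to the LAN is not redirected.
        echo "ipfw add $num fwd $gw ip from $src to not $LAN_NET out"
        num=$((num + 10))
    done
}

pbr_rules
```

A `fwd` rule ends the rule search when it matches, so these rules have to sit before any general `allow` rule that would match the same packets first.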