From owner-freebsd-questions@FreeBSD.ORG  Fri Jan 16 18:09:57 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EEBC510657A0
	for <questions@freebsd.org>; Fri, 16 Jan 2009 18:09:57 +0000 (UTC)
	(envelope-from kes-kes@yandex.ru)
Received: from forwards4.yandex.ru (forwards4.yandex.ru [77.88.32.20])
	by mx1.freebsd.org (Postfix) with ESMTP id A29128FC17
	for <questions@freebsd.org>; Fri, 16 Jan 2009 18:09:57 +0000 (UTC)
	(envelope-from kes-kes@yandex.ru)
Received: from smtp14.yandex.ru (smtp14.yandex.ru [77.88.32.84])
	by forwards4.yandex.ru (Yandex) with ESMTP id E2DFC4C57DE
	for <questions@freebsd.org>; Fri, 16 Jan 2009 21:09:55 +0300 (MSK)
Received: from 7-6-113-92.pool.ukrtel.net ([92.113.6.7]:15620 "EHLO HOMEUSER"
	smtp-auth: "kes-kes" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
	by mail.yandex.ru with ESMTP id S393334AbZAPSJo (ORCPT
	<rfc822;questions@freebsd.org>); Fri, 16 Jan 2009 21:09:44 +0300
X-Yandex-Spam: 1 
X-Yandex-Front: smtp14
X-Yandex-TimeMark: 1232129384
X-BornDate: 1149541200
X-Yandex-Karma: 0
X-Yandex-KarmaStatus: 0
X-MsgDayCount: 1
X-Comment: RFC 2476 MSA function at smtp14.yandex.ru logged sender identity
	as: kes-kes
Date: Fri, 16 Jan 2009 20:09:46 +0200
From: KES <kes-kes@yandex.ru>
X-Mailer: The Bat! (v4.0.24) Professional
Organization: SaftTen
X-Priority: 3 (Normal)
Message-ID: <1671260183.20090116200946@yandex.ru>
To: questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
Cc: 
Subject: BUG or FEATURE
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: KES <kes-kes@yandex.ru>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2009 18:09:58 -0000

Здравствуйте, Questions.

I have two routing tables, three LAN: one internal, two external.
I have connected VIA VPN to server through internal LAN.
if in firewall I add:
setfib 1 all from internal.lan.ip to any

The packet inside VPN tunnel is marked to have fib 1 and will leave router acording routing table 2 (fib 1)

If client IP is 10.0.0.2 and router IP is 10.0.0.1 and LAN interface is rl2
If VPN interface on router is ng0 and framed IP for VPN client is 192.168.0.2

it seems that
setfib 1 all from internal.lan.ip to any in recv rl2
is equivalent to
setfib 1 all from 192.168.0.2 to any in recv ng0

Is this feature or bug that packet inside tunnel is also marked to have same fib as tunnel/transport packet has?

-- 
С уважением,
 KES                          mailto:kes-kes@yandex.ru