Date: Wed, 5 Feb 2014 22:59:21 -0700
From: John Nielsen <lists@jnielsen.net>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>, "freebsd-stable@freebsd.org Stable" <freebsd-stable@freebsd.org>
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0
Message-ID: <BBD613C0-3C79-4C4C-A040-B6AEF465AE00@jnielsen.net>
In-Reply-To: <CAHu1Y71Gzxxbh-KvDBNwtyHBFVr7eeE91KZ9mGS1Pq7m=Y6UUw@mail.gmail.com>
References: <8C9CDEF4-A44A-4207-BB87-DA3E7CF89917@jnielsen.net> <CAHu1Y71Gzxxbh-KvDBNwtyHBFVr7eeE91KZ9mGS1Pq7m=Y6UUw@mail.gmail.com>

On Feb 5, 2014, at 5:54 PM, Michael Sierchio <kudzu@tenebras.com> wrote:

> compile a kernel with more than the default 2 FIB tables (16 for example), and
>
> setfib 0 route add default $GATEWAY_A
> setfib 1 route add default $GATEWAY_B
> setfib 2 route add default $GATEWAY_C
>
> [ ... ]
>
> ipfw table 1 add $NET_LAN 0
> ipfw table 1 add $NET_VOIP 2
> ipfw table 1 add $NET_VPN 0
> ipfw table 1 add $NET_WIFI 0
> ipfw table 1 add $NET_GUEST 1
> ipfw table 1 add $NET_SECURITY 0
> ipfw table 1 add $NET_COMMON 1
> ipfw table 1 add $NET_FINANCE 1
> ipfw table 1 add $NET_CORE 2
> ipfw table 1 add $NET_EVENT 0
>
> [ ... ]
>
> ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1

Thanks for the suggestion, but unless something has changed recently using setfib with ipfw is only effective for routed traffic, not packets that originate locally (the routing decision has already been made by the time the outgoing packet goes through ipfw).

Running specific processes with an alternate FIB could be a partial workaround but it's a lot less elegant. Really I'd like to know what's going on in 10.0 that keeps the ipfw fwd solution from working like it did in 9.2.

JN