Date: Tue, 08 Apr 2008 22:29:09 +0800
From: John Mok <jmok@attglobal.net>
To: freebsd-ipfw@freebsd.org
Subject: Multihome policy routing
Message-ID: <47FB8135.1040300@attglobal.net>
Hi,

I tried to set up an FTP server running on FreeBSD 4.11 as follows :-

    (DMZ subnet)
    61.1.1.1/27 ---------------- Firewall ---------- Internet
         |                        |10.144.1.1/24
         |                        |(Intranet)
         |                        |
         |61.1.1.3/27 em1         | 10.144.1.254
    FTP server -----------------router
         10.144.1.10/24 em0

The following routing and ipfw rules are added on the FTP server :-

    #route add default 61.1.1.1
    #ipfw add 101 fwd 10.144.1.254 ip from 10.144.1.10 to any
    #ipfw add 201 fwd 61.1.1.1 ip from 61.1.1.3 to any

When I tried to connect from a host (e.g. 10.144.1.10) to the DMZ interface 61.1.1.3 of the FTP server via the gateway 10.144.1.1, it failed. However, when I shut down the interface 10.144.1.10, it succeeded. The routing was NOT symmetric.

My question is when FreeBSD can set up two routing tables and do something like Linux as follows :-

    ip route add default nexthop via 61.1.1.1 dev em1 table T1
    ip route add default nexthop via 10.144.1.254 dev em0 table T2
    ip route add 0/0 dev em1 table T1
    ip route add 0/0 dev em0 table T2

Thus, the symmetric routing is maintained when a host (e.g. 10.144.1.10) connects to 61.1.1.3 via 10.144.1.1.

Thanks a lot.

John Mok