Date: Sun, 11 Jul 2004 06:18:27 +0200
From: "Mads Forsberg" <foppa@mail.dk>
To: <freebsd-ipfw@freebsd.org>
Subject: Problem matching packets 'via' IP alias
Message-ID: <002101c466fe$1d8f3f70$6700000a@spanden>

Hello,

I have a problem matching the traffic like I want in the following setup:

/etc/rc.conf:

    <snip>
    #WAN interface
    ifconfig_xl0="DHCP"
    #LAN interface and alias
    ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
    ifconfig_xl1_alias0="inet 10.0.0.2 netmask 255.255.255.255"
    <snip>

/etc/rc.firewall:

    <snip>
    ${fwcmd} add 100 count all from any to any via 10.0.0.1
    ${fwcmd} add 200 count all from any to any via 10.0.0.2
    ${fwcmd} add 500 divert natd all from any to any via xl0
    <snip>

The clients on the network can choose to either use 10.0.0.1 or the alias 10.0.0.2 as a default gateway.

I need the firewall to divert the traffic going in on 10.0.0.1 to one natd, and traffic going in on 10.0.0.2 to another natd.

I have added rule 100 and 200 to try and match the traffic like I want, but all traffic matches both rule 100 and 200, regardless of which IP the clients use as default gateway. Most examples use the via keyword with an interface name but according to the ipfw manpage using an ip with the via keyword should be possible.

Any help would be greatly appreciated!