From: "Mads Forsberg"
Date: Sun, 11 Jul 2004 06:18:27 +0200
Subject: Problem matching packets 'via' IP alias
Message-ID: <002101c466fe$1d8f3f70$6700000a@spanden>
List-Id: IPFW Technical Discussions

Hello,

I have a problem matching the traffic like I want in the following setup:

/etc/rc.conf:

    #WAN interface
    ifconfig_xl0="DHCP"
    #LAN interface and alias
    ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
    ifconfig_xl1_alias0="inet 10.0.0.2 netmask 255.255.255.255"

/etc/rc.firewall:

    ${fwcmd} add 100 count all from any to any via 10.0.0.1
    ${fwcmd} add 200 count all from any to any via 10.0.0.2
    ${fwcmd} add 500 divert natd all from any to any via xl0

The clients on the network can choose to either use 10.0.0.1 or the alias 10.0.0.2 as a default gateway.
I need the firewall to divert the traffic going in on 10.0.0.1 to one natd, and traffic going in on 10.0.0.2 to another natd.

I have added rule 100 and 200 to try and match the traffic like I want, but all traffic matches both rule 100 and 200, regardless of which IP the clients use as default gateway. Most examples use the via keyword with an interface name, but according to the ipfw manpage using an IP with the via keyword should be possible.

Any help would be greatly appreciated!
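
A simplified model of the behaviour reported above, added here as an illustration and not part of the original message or of ipfw itself. In ipfw, an IP address given to `via` identifies the interface that owns that address, so both rules resolve to xl1. The client addresses and the destination are constructed sample values.

```python
import ipaddress

# Interface table from the rc.conf in the message (xl0 is DHCP, address unknown here).
INTERFACES = {
    "xl0": [],
    "xl1": ["10.0.0.1", "10.0.0.2"],
}

# Rules 100 and 200 from the message, reduced to their 'via' argument.
RULES = {100: "10.0.0.1", 200: "10.0.0.2"}


def resolve_via(spec):
    """Return the interface a 'via' argument refers to: an interface name,
    or the interface that owns the given IP address (None if nothing matches)."""
    if spec in INTERFACES:
        return spec
    try:
        addr = str(ipaddress.ip_address(spec))
    except ValueError:
        return None
    for name, addrs in INTERFACES.items():
        if addr in addrs:
            return name
    return None


def count_matches(packets):
    """Count how many packets each rule matches, as the 'count' rules would."""
    counters = {num: 0 for num in RULES}
    for pkt in packets:
        for num, spec in RULES.items():
            if resolve_via(spec) == pkt["iface"]:
                counters[num] += 1
    return counters


# Constructed packets from two LAN clients with different default gateways.
# The gateway choice only selects the next-hop MAC address; it is not carried
# in the IP header, so the rules have no field that distinguishes the two.
PACKETS = [
    {"iface": "xl1", "src": "10.0.0.50", "dst": "198.51.100.7", "gateway": "10.0.0.1"},
    {"iface": "xl1", "src": "10.0.0.60", "dst": "198.51.100.7", "gateway": "10.0.0.2"},
]

if __name__ == "__main__":
    print(count_matches(PACKETS))  # both rules count both packets
```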