Date: Fri, 16 Jan 2009 11:09:32 -0800
From: Julian Elischer <julian@elischer.org>
To: Eduardo Meyer <dudu.meyer@gmail.com>
Cc: current@freebsd.org, net@freebsd.org
Subject: Re: Multiple Routing Tables (FIB) + IPFW problem as (I?) expected
Message-ID: <4970DB6C.4030200@elischer.org>
In-Reply-To: <d3ea75b30901160414x353c9fb2ke1f31489bb8d5107@mail.gmail.com>
References: <d3ea75b30901160414x353c9fb2ke1f31489bb8d5107@mail.gmail.com>

Eduardo Meyer wrote:
> Hello,
>
> I am trying the new FIB stuff on -STABLE with IPFW, I made many tests
> and it did not work as I expected.
>
> Quick testing:
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> # setfib -1 lynx -dump http://www.whatismyip.org
> 189.52.141.2
>
> # setfib -2 lynx -dump http://www.whatismyip.org
> 201.91.92.154
>

so you have 3 tables with different default routes?

> # ipfw -q flush
> # ipfw add 1 setfib 1 all from any to any
> 00001 setfib 1 ip from any to any
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> Check for counters:
>
> # ipfw -q add 2 allow all from any to any fib 1
> # ipfw show

obviously you did some other commands here..
something generated 2 million packets..

> 00001 388599 139653215 setfib 1 ip from any to any
> 00002 4253 2221474 allow ip from any to any fib 1
> 65535 2419650 983279227 allow ip from any to any
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> # setfib -1 lynx -dump http://www.whatismyip.org
> 189.52.141.2
>
> Is anything wrong with my concepts? I would like to know if -CURRENT
> has the same behavior, can someone please test?

this is expected..

setfib in the firewall can only change the fib on an outgoing packet
AFTER it has already done its routing decision.

setfib in ipfw is basically for packets that you are ROUTING,
(i.e. you are a gateway) and is expected to be run in INCOMING packets
before they make their routing decision..

I was thinking of adding a 'reroute' ipfw keyword..
kind of like 'fwd {original dest} ip from any to any'
because 'fwd' does cause the routing decision to be redone.

The fib of the process that opens the socket controls where
packets from the local machine are sent.
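
Added example, not part of the original message and not code from the FreeBSD project: a dry-run generator for the gateway case described above, where setfib is applied to INCOMING packets so the tag exists before the routing decision. The function name gateway_fib_rules, the interface names em1/em2, the FIB numbers and the rule numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print ipfw rules that tag FORWARDED traffic with a FIB on
# the inbound pass, before the packet is routed. Nothing is executed here;
# review the output, then pipe it to sh on the gateway.
# Interface names, FIB numbers and rule numbers below are constructed.

# Usage: gateway_fib_rules START_RULE "ifname:fib" ["ifname:fib" ...]
gateway_fib_rules() {
    rule=$1; shift
    for map in "$@"; do
        ifname=${map%%:*}
        fib=${map##*:}
        # Reject anything that is not a plain number or interface name, so a
        # malformed mapping can never end up inside a command line.
        case $fib in
            ''|*[!0-9]*) echo "bad fib in '$map'" >&2; return 1 ;;
        esac
        case $ifname in
            ''|*[!A-Za-z0-9_]*) echo "bad interface in '$map'" >&2; return 1 ;;
        esac
        # 'in recv IF' limits the rule to the inbound pass on that interface.
        # A bare 'setfib N ip from any to any' also matches locally generated
        # packets on their way out, where the route is already chosen.
        echo "ipfw add $rule setfib $fib ip from any to any in recv $ifname"
        rule=$((rule + 10))
    done
}

# Constructed sample: hosts behind em1 use FIB 1, hosts behind em2 use FIB 2.
gateway_fib_rules 100 em1:1 em2:2

# Traffic from the gateway itself is not steered by these rules; as in the
# message, the FIB of the process that opens the socket decides, e.g.
#   setfib -1 lynx -dump http://www.whatismyip.org
```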