From: Giuliano Gavazzi
To: Zöld
Cc: freebsd-ipfw@freebsd.org
Date: Tue, 7 Apr 2009 14:32:16 +0200
Subject: Re: FreeBSD 7.1 IPv6 multihoming problem

On T 7 Apr, 2009, at 10:37, Zöld wrote:

> Hi all!
>
> I think my problem is solved. As I mentioned earlier the ipfw fwd hasn't got
> any effect (under FreeBSD 7.1), but pf (packet filter) can forward among the
> interfaces too.
>
> Here are the commands:
> kldload pf
>
> /etc/pf.conf:
> pass out quick route-to (interface1_name gateway1_address) from interface1_address to any
> pass out quick route-to (interface2_name gateway2_address) from interface2_address to any
>
> pf -e -f /etc/pf.conf
>
> Now the packets leave the computer over the proper interface independent of
> the default gateway.

Very good! Unfortunately pf hasn't been ported to the macosx kernel yet...

Just a warning: on MacOS X I had kernel panics, when reloading rules, in some place inherited from BSD (netinet/ip_fw2.c), and I think they were triggered by a fwd to the default gateway. In other words, if a packet does not need to be re-routed (that is, it should go to the default gateway), do not use a fwd; make it an allow rule instead (don't know what this is called in pf... pass), as this will have the same net effect. I might be completely wrong about this panic and it might not apply to FreeBSD or pf, of course, but still I see no point in routing explicitly what will be routed correctly anyway.

Giuliano
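
An added example, not part of the original thread: a small generator that combines the quoted pf.conf rules with the advice in the reply, emitting `route-to` only for uplinks whose gateway differs from the default gateway and a plain `pass` otherwise. The function name `gen_pf_rules`, the interface names and the 2001:db8:: documentation addresses are constructed for illustration; that the reply's advice carries over from ipfw `fwd` to pf is an assumption.

```shell
#!/bin/sh
# Added illustration; not code from the thread. All names and addresses
# below are constructed sample values (2001:db8::/32 is documentation space).

# One uplink per line: interface, its gateway, the local source address.
UPLINKS='em0 2001:db8:1::1 2001:db8:1::10
em1 2001:db8:2::1 2001:db8:2::10'

# gen_pf_rules DEFAULT_GW
# Reads uplink lines on stdin and prints one pf.conf rule per uplink.
gen_pf_rules() {
    default_gw=$1
    while read -r ifname gw src; do
        # Skip blank lines and comments.
        case $ifname in ''|'#'*) continue ;; esac
        # Refuse incomplete lines instead of emitting a broken rule.
        if [ -z "$gw" ] || [ -z "$src" ]; then
            echo "gen_pf_rules: malformed uplink line: $ifname" >&2
            return 1
        fi
        if [ "$gw" = "$default_gw" ]; then
            # The routing table already sends this traffic the right way:
            # a plain pass has the same net effect as an explicit re-route.
            echo "pass out quick inet6 from $src to any"
        else
            # Source address belongs to the other uplink: force its gateway.
            echo "pass out quick route-to ($ifname $gw) inet6 from $src to any"
        fi
    done
}

# Print the rules for the sample uplinks, with em0's gateway as the default.
# The output can be syntax-checked without loading it: pfctl -nf <file>
printf '%s\n' "$UPLINKS" | gen_pf_rules 2001:db8:1::1
```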