Date: Mon, 19 Jan 2009 13:40:40 -0200 From: Eduardo Meyer <dudu.meyer@gmail.com> To: Julian Elischer <julian@elischer.org> Cc: current@freebsd.org, net@freebsd.org Subject: Re: Multiple Routing Tables (FIB) + IPFW problem as (I?) expected Message-ID: <d3ea75b30901190740i35873cc6u3061193ea4eba4e3@mail.gmail.com> In-Reply-To: <4970DB6C.4030200@elischer.org> References: <d3ea75b30901160414x353c9fb2ke1f31489bb8d5107@mail.gmail.com> <4970DB6C.4030200@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> obviously you did some other commands here..
> something generated 2 million packets..
Julian, its a production enviroment, firewall was up for a few
minutes. Thats the reason.
> I was thinking of adding a 'reroute' ipfw keyword.. kind of like
> 'fwd {original dest} ip from any to any'
> because 'fwd' does cause the routing decision to be redone.
>
> The fib of the process that opens the socket controls where packets from the
> local machine are sent.
divert does cause this too, not "not fib X" seems to work fine...
I wish you could make the "setfib" action be kept in state with
keep-state only for the static rules, but I guess it will be done for
all dynamic rules too, since keep-state makes dynamic rules repeat the
static one, right?
would something like
ipfw add prob 0.5 setfib 1 all from X to any out keep-state
be used to balance (per session) between FIB tables?
>
>
>
>
>
--
===========
Eduardo Meyer
pessoal: dudu.meyer@gmail.com
profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d3ea75b30901190740i35873cc6u3061193ea4eba4e3>