From owner-freebsd-current@FreeBSD.ORG Mon Jan 19 15:40:41 2009 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC089106566B; Mon, 19 Jan 2009 15:40:41 +0000 (UTC) (envelope-from dudu.meyer@gmail.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.174]) by mx1.freebsd.org (Postfix) with ESMTP id 7112C8FC1C; Mon, 19 Jan 2009 15:40:41 +0000 (UTC) (envelope-from dudu.meyer@gmail.com) Received: by wf-out-1314.google.com with SMTP id 24so3018792wfg.7 for ; Mon, 19 Jan 2009 07:40:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=a5NuwGlBr2h/38uxgY53/8mTJbV9gnOSu6fNywiHPDo=; b=eIYamuvqQt76p+OKbWFnkV2aH3g4u6riVy9swczq0qeiudLlh9zOJUu9pjndmHIhfW BNCvMnXcbFzSI+euZkpwyIU9PY4K0dc2jMamsDQ7mbKfIanSLilV/XA+ByLPufXRV+5f MGN5QfA79l4Ikj6qA/9DOmTjGbNvat07kBmGQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=LALqyST2zrHyCd7fDZxLDR2NzSm0UdFXmlrf+ygOTuVwCVUCQ01qpdR1G7nkU6rG8Z YzP3RNsBc/vSy03/p5m+46ZGb8OptnMDnxT21Oo4Ec3Z2uV6Z6viltTgywKTlF1yBjbc KRGtf6yGW6i7lw6m3XeJiWm/bP/8caVxcnMJg= MIME-Version: 1.0 Received: by 10.142.82.6 with SMTP id f6mr2413100wfb.182.1232379640801; Mon, 19 Jan 2009 07:40:40 -0800 (PST) In-Reply-To: <4970DB6C.4030200@elischer.org> References: <4970DB6C.4030200@elischer.org> Date: Mon, 19 Jan 2009 13:40:40 -0200 Message-ID: From: Eduardo Meyer To: Julian Elischer Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: current@freebsd.org, net@freebsd.org Subject: Re: Multiple Routing Tables (FIB) + IPFW problem as (I?) expected X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2009 15:40:42 -0000 > obviously you did some other commands here.. > something generated 2 million packets.. Julian, its a production enviroment, firewall was up for a few minutes. Thats the reason. > I was thinking of adding a 'reroute' ipfw keyword.. kind of like > 'fwd {original dest} ip from any to any' > because 'fwd' does cause the routing decision to be redone. > > The fib of the process that opens the socket controls where packets from the > local machine are sent. divert does cause this too, not "not fib X" seems to work fine... I wish you could make the "setfib" action be kept in state with keep-state only for the static rules, but I guess it will be done for all dynamic rules too, since keep-state makes dynamic rules repeat the static one, right? would something like ipfw add prob 0.5 setfib 1 all from X to any out keep-state be used to balance (per session) between FIB tables? > > > > > -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br