Date: Thu, 10 Nov 2005 12:31:30 -0500
From: "Marcelo Celleri" <marceloc@espoltel.net>
To: <freebsd-questions@freebsd.org>
Subject: IPFW policy routing...
Message-ID: <200511101729.jAAHTnNg027194@jupiter.espoltel.net>

Hi,

I'm trying to move from Linux to FreeBSD, but the most difficult part of this change seems to be the transition from iproute2 to ipfw for policy routing. This setup works on Linux, but I'm still not able to get it to work on FreeBSD.

Net1: 192.168.0.0/25
Net2: 192.168.0.128/25
Default GW: 69.x.x.193 (ISP1)
Alternate GW: 69.x.x.203 (ISP2)
NAT Address to use with Net1: 200.X.X.35
NAT Address to use with Net2: 201.X.X.35

                      | Packet1 from 192.168.0.0/25
                      | Packet2 from 192.168.0.128/25
                ______|______ em1: 192.168.0.1
               |             |
               |             |
               |_____________|
                      | em0: 69.x.x.194
            __________|__________
    Packet1 |                   | Packet2
 200.x.x.35 |                   | 201.x.x.35
      ______|______       ______|______
     |             |     |             |
     | 69.x.x.193  |     | 69.x.x.203  |
     |_____________|     |_____________|
            |                   |
          ISP1                ISP2

So, when packet 1 reaches the default gw, it has been modified by NAT in my FreeBSD box, getting the src address 200.x.x.35, and when packet 2 reaches the alternate gw (69.x.x.203), it has also been modified by NAT with the src address 201.x.x.35. That's working OK, but the redirection fails. Here's my ipfw configuration, where everything is allowed by default:

    natd -a 200.x.x.35 -p 8668
    natd -a 201.x.x.35 -p 8669

    ipfw add 30 divert 8668 all from any to 200.x.x.35 in recv em0
    ipfw add 30 divert 8668 all from 192.168.0.0/25 to any out xmit em0
    ipfw add 40 divert 8669 all from any to 201.x.x.35 in recv em0
    ipfw add 40 divert 8669 all from 192.168.0.128/25 to any out xmit em0
    ipfw add 50 fwd 69.x.x.203 all from 192.168.0.128/25 to any

I have tried changing the last line to the following, but the results were the same:

    ipfw add 50 fwd 69.x.x.203 all from 192.168.0.128/25 to any in recv em1
    ipfw add 50 fwd 69.x.x.203 all from 201.x.x.35 to any

I have read about policy routing and it seems that everything is in order, but it still doesn't work. Please help!

--
This message has been scanned by the ESPOLTEL S.A. antivirus for viruses and other dangerous content, and is considered to be clean.