From: "Marcelo Celleri"
Delivered-To: freebsd-questions@freebsd.org
Date: Thu, 10 Nov 2005 12:31:30 -0500
Subject: IPFW policy routing...

Hi,

I'm trying to move from Linux to FreeBSD, but the most difficult part of this change seems to be the transition from iproute2 to ipfw for policy routing. This case works on Linux, but I'm still not able to get it to work on FreeBSD.

Net1: 192.168.0.0/25
Net2: 192.168.0.128/25
Default GW: 69.x.x.193 (ISP1)
Alternate GW: 69.x.x.203 (ISP2)
NAT Address to use with Net1: 200.X.X.35
NAT Address to use with Net2: 201.X.X.35

          | Packet1 from 192.168.0.0/25
          | Packet2 from 192.168.0.128/25
    ______|______
   |             |  em1: 192.168.0.1
   |             |
   |_____________|
          |         em0: 69.x.x.194
          |____________________
  Packet1 |                    | Packet2
200.x.x.35|                    | 201.x.x.35
    ______|______        ______|______
   |             |      |             |
   | 69.x.x.193  |      | 69.x.x.203  |
   |_____________|      |_____________|
          |                    |
          |                    |
        ISP1                 ISP2

So, when packet 1 reaches the default gw, it has been modified by NAT in my FreeBSD box, getting the src address 200.x.x.35, and when packet 2 reaches the alternate gw (69.x.x.203), it has also been modified by NAT, with the src address 201.x.x.35. That's working OK, but the redirection fails. Here's my ipfw configuration, where everything is allowed by default.

    natd -a 200.x.x.35 -p 8668
    natd -a 201.x.x.35 -p 8669

    ipfw add 30 divert 8668 all from any to 200.x.x.35 in recv em0
    ipfw add 30 divert 8668 all from 192.168.0.0/25 to any out xmit em0
    ipfw add 40 divert 8669 all from any to 201.x.x.35 in recv em0
    ipfw add 40 divert 8669 all from 192.168.0.128/25 to any out xmit em0
    ipfw add 50 fwd 69.x.x.203 all from 192.168.0.128/25 to any

I have tried changing the last line to each of the following, but the results were the same:

    ipfw add 50 fwd 69.x.x.203 all from 192.168.0.128/25 to any in recv em1
    ipfw add 50 fwd 69.x.x.203 all from 201.x.x.35 to any

I have read about policy routing and it seems that everything is in order, but it still doesn't work. Please help!