Date: Mon, 24 Nov 2008 22:56:02 +0200 From: KES <kes-kes@yandex.ru> To: Ian Smith <smithi@nimnet.asn.au> Cc: freebsd-ipfw@freebsd.org Subject: Re[2]: kern/129103: [ipfw] IPFW check state does not work =( Message-ID: <1517824.20081124225602@yandex.ru> In-Reply-To: <20081124203046.I43853@sola.nimnet.asn.au> References: <200811232342.mANNgOnr069400@freefall.freebsd.org> <20081124203046.I43853@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
sorry, I miss some explanation Before beginngin tests I ipfw zero : > /var/log/security then for user on ng1 I do: ping -n 3 I.N.E.T > 00002 6 360 count log icmp from any to any via ng0 here I count all packets going through ng0 3 in + 3 out, all is ok here > 00003 5 300 prob 0.500000 skipto 6 log icmp from any to any via ng0 I want to split traffic. Now here I just study how it is done. Actually I want to fwd packets through differeng ISP but send packet to same ISP if connection is established. So traffic will flow over 4,5 or 6,7, 00004 8 480 skipto 5 log icmp from any to any via ng0 keep-state 00005 3 180 skipto 10 log icmp from any to any via ng0 00006 3 180 skipto 7 log icmp from any to any via ng0 keep-state 00007 3 180 count log icmp from any to any via ng0 expected results for rule 4 is 3 packets. Why it is 8 I do not know > 00010 6 360 count log icmp from any to any via ng0 here I count all packets going through ng0 again. As you see it is 6. All is ok > 00099 47 2924 nat 1 ip from any to any via ng0 just natting, nat all traffic, so counter is so big > 00004 7 420 (0s) STATE icmp 192.168.9.4 0 <-> 213.180.204.8 0 > 00006 2 120 (0s) STATE icmp 213.180.204.8 0 <-> 91.124.239.145 0 This is very strange. Here I expect 3 for first and second rule but why here 7 and 2 packets?? that is mistery ((
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1517824.20081124225602>