From owner-freebsd-questions  Wed Jul 31 14:31: 7 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A837A37B400
	for <freebsd-questions@freebsd.org>; Wed, 31 Jul 2002 14:31:03 -0700 (PDT)
Received: from novaconnect.net (ns.novaconnect.net [205.150.191.170])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 97A9E43E72
	for <freebsd-questions@freebsd.org>; Wed, 31 Jul 2002 14:31:01 -0700 (PDT)
	(envelope-from mailing@novaconnect.net)
Received: from [192.168.100.21] (account <mailing@novaconnect.net>)
  by novaconnect.net (CommuniGate Pro WebUser 3.5b5)
  with HTTP id 44502 for <freebsd-questions@freebsd.org>; Wed, 31 Jul 2002 17:28:40 -0400
From: "Matt Abraham" <mailing@novaconnect.net>
Subject: Unable to get "ipfw fwd" working
To: freebsd-questions@freebsd.org
X-Mailer: CommuniGate Pro Web Mailer v.3.5b5
Date: Wed, 31 Jul 2002 17:28:40 -0400
Message-ID: <web-44502@novaconnect.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi all,

I am running into a problem using ipfw to do source-based
routing. 

I am trying to forward traffic from a private IP address
(172.17.1.5) to a gateway (192.168.215.15) via ANOTHER
gateway running Freebsd/ipfw (rl0:192.168.200.240 and
vr0:192.168.215.240). Now, this packet has already gone
through a Cisco router with policy-based routing in place,
so no NAT'ing is done to the packet -- static routes are in
place on the Freebsd box to send the response back via the
Cisco router.

So! On the Freebsd box, I've got the following ipfw rule in
place:

650 fwd 192.168.215.15 ip from 172.17.1.5 to any in recv rl0

When I try to ping a public address, say A.B.C.D, on the
other side of 192.168.215.15 (it's got a public address on
its outside interface), I receive "Destination Host
Unreachable," i.e. ICMP 3.1 packets coming from
192.168.200.240. Now, if I add a static route:

route add -host A.B.C.D 192.168.215.15

...it works, but this sort of defeats the purpose of
source-based routing :) Clearly, I'm doing something wrong.
Any ideas??

Matt
mailing@novaconnect.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message