From: Chuck Swiger
Date: Fri, 20 Oct 2006 16:03:01 -0700
To: Brian Hawk
Cc: freeBSD List
Subject: Re: Gateway problem

On Oct 20, 2006, at 3:22 PM, Brian Hawk wrote:
>> No, you are wrong. Packet will be forwarded to default gateway
>> through the interface which is on same network with it. You need
>> some kind of policy routing. I'm not very familiar with ipf but
>> with pf you can do:
>>
> Unfortunately it doesn't go thru the interface which has Src IP
> address same as with it. But goes thru the default gateway. But
> since the Src IP address in the IP packet is 212.64.212.180, all
> TCP replies come from the right interface (xl1) which makes sense
> because the devices on the internet wouldn't make the same mistake.
>> pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) inet from $ext_if1 to any
>> pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) inet from $ext_if0 to any
>> or with ipfw you can use "fwd" rule action.
>>
> a "fwd" cannot solve my problem because it likes to forward packets
> to a certain IP addr or an IP:port, which is not what I want. I
> just need to forward (or rather route) them thru an "interface".
> Again, I still think this is what FreeBSD should really be doing
> for packets which have interface's IP as Src IP addr in the IP
> header.

The source address of a packet is irrelevant to normal routing; only
the destination matters. Unless you set up a routing daemon which
implements other policies, the FreeBSD TCP/IP stack uses only the
destination address to do a lookup in the kernel's routing table,
using the most precise matching route, or the default route if one is
present and no other route is available.

-- 
-Chuck
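
The lookup described in the reply above, as an added example that is not part of the original message or of FreeBSD's code: a destination-only, most-specific-match route lookup, next to a simplified source-based override modelled on the quoted pf `route-to` rules. Only 212.64.212.180 and xl1 come from the thread; the table, prefix lengths, gateways, the xl0 name and the function names are constructed assumptions.

```python
import ipaddress

# Constructed routing table (assumption): (destination prefix, gateway, interface).
# Gateway None means the network is directly connected.
ROUTES = [
    ("0.0.0.0/0",       "192.0.2.1",    "xl0"),  # default route
    ("192.0.2.0/24",    None,           "xl0"),  # connected network
    ("212.64.212.0/24", None,           "xl1"),  # connected network (prefix length assumed)
    ("203.0.113.0/24",  "212.64.212.1", "xl1"),  # static route (gateway assumed)
]


def lookup(dst, table=ROUTES):
    """Destination-only lookup: the most specific matching prefix wins.

    The default route is a /0, so it matches everything but is chosen
    only when no longer prefix matches. Returns (gateway, interface),
    or None when nothing matches at all.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gateway, ifname)
    return None if best is None else best[1:]


def forward(src, dst, policy=()):
    """Pick the egress for a packet.

    With an empty policy, src is never consulted, which is the behaviour
    the reply describes. Each policy entry is (source prefix, gateway,
    interface) and overrides the table, a simplified model of what a
    source-matching route-to rule achieves (not pf's actual evaluation).
    """
    src_addr = ipaddress.ip_address(src)
    for prefix, gateway, ifname in policy:
        if src_addr in ipaddress.ip_network(prefix):
            return gateway, ifname
    return lookup(dst)


if __name__ == "__main__":
    dst = "198.51.100.7"  # constructed remote host, reachable only via the default route
    print(forward("212.64.212.180", dst))  # source on xl1, still leaves via xl0
    print(forward("212.64.212.180", dst,
                  policy=[("212.64.212.180/32", "212.64.212.1", "xl1")]))
```
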