From: Joe Holden
Date: Sat, 16 Jun 2007 01:27:42 +0100
To: Boris Kochergin, freebsd-net@freebsd.org, sysadmin@rescomp.berkeley.edu
Subject: Re: Routing outbound IP packets on multihomed box
Message-ID: <46732E7E.908@joeholden.co.uk>
In-Reply-To: <20070615231255.GG2335@rescomp.berkeley.edu>

Christopher Cowart wrote:
> On Fri, Jun 15, 2007 at 06:30:23PM -0400, Boris Kochergin wrote:
>> Christopher Cowart wrote:
>>> I have a server with two NICs:
>>>
>>> em0: 169.229.79.139/25
>>> vlan526: 169.229.126.9/24
>>>
>>> The default gateway is 169.229.79.129. The router for the 126 subnet is
>>> 169.229.126.1.
>>>
>>> netstat -rn:
>>> | Destination        Gateway            Flags  Refs  Use     Netif   Expire
>>> | default            169.229.79.129     UGS    0     102537  em0
>>> | 127.0.0.1          127.0.0.1          UH     0     217     lo0
>>> | 169.229.79.128/25  link#1             UC     0     0       em0
>>> | 169.229.79.129     00:15:c7:b9:f4:80  UHLW   2     4       em0     1193
>>> | 169.229.79.139     00:11:25:ab:42:70  UHLW   1     589     lo0
>>> | 169.229.126/24     link#9             UC     0     0       vlan52
>>> | 169.229.126.1      00:15:c7:b9:f4:80  UHLW   1     34      vlan52  1200
>>> | 169.229.126.9      00:18:f8:09:d3:a5  UHLW   1     8       lo0
>>>
>> pass out route-to (vlan256 169.229.126.1) from 169.229.126.9 to any
>>
>> This tells PF to send all packets sent from 169.229.126.9 through the
>> vlan256 interface with a next-hop address of 169.229.126.1.
>
> Unfortunately, I don't think we can use pf. The rest of our
> infrastructure is ipfw and we don't particularly want this to be a
> one-off. I was under the impression that my ipfw rule did exactly this,
> by sending the packets to the 126 router as their next hop.
>
> Anyone have any ideas on whether an ipfw fwd rule can be used in a
> similar way to this pf rule?
>
Yes, ipfw fwd will work fine, you'll need to route based on the source
IP addresses.

For example:

ipfw add 1 fwd all from to any
ipfw add 2 fwd all from to any

That *should* work, been a long time since I've touched ipfw.

-- 
Joe Holden
T: (UK) 02071009593 (AU) 282442321
E: joe@joeholden.co.uk
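
Added example, not part of the message above or of anyone's posted ruleset: a small generator for the source-based `ipfw fwd` rules discussed in the thread, using the addresses quoted there. The rule numbers, the function names, the `out` match and the `to not <local net>` exclusion (so on-link traffic is not bounced off the router) are assumptions of this example.

```shell
#!/bin/sh
# Added example: print ipfw "fwd" rules for source-based routing on a
# multihomed host. Nothing is applied; review the output, then pipe it to sh.

# is_ipv4 ADDR -> succeeds if ADDR is a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# fwd_rule NUM SRC LOCALNET GATEWAY
# Prints one rule: outbound packets with source SRC get GATEWAY as next hop,
# except those destined for LOCALNET, which is directly connected.
fwd_rule() {
    num=$1 src=$2 net=$3 gw=$4
    is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    is_ipv4 "${net%/*}" || { echo "bad network: $net" >&2; return 1; }
    case "$net" in
        */*) ;;
        *) echo "network needs a /prefix: $net" >&2; return 1 ;;
    esac
    echo "ipfw add $num fwd $gw ip from $src to not $net out"
}

# Constructed rule set for the two addresses quoted in the thread.
print_rules() {
    fwd_rule 1000 169.229.126.9 169.229.126.0/24 169.229.126.1 &&
    fwd_rule 1010 169.229.79.139 169.229.79.128/25 169.229.79.129
}

print_rules
```

On FreeBSD releases of that period the `fwd` action only works with a kernel built with `options IPFIREWALL_FORWARD`. Place the generated rules ahead of any broader `allow` rule that would match the same packets first.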