From: "D. Penev"
To: Matt Abraham
Cc: freebsd-questions@FreeBSD.ORG
Date: Fri, 2 Aug 2002 23:09:19 +0000
Subject: Re: Unable to get "ipfw fwd" working
Message-ID: <20020802230919.GA260@earth.dpsca.bg>

On Wed, Jul 31, 2002 at 05:28:40PM -0400, Matt Abraham wrote:
>From: "Matt Abraham"
>Subject: Unable to get "ipfw fwd" working
>To: freebsd-questions@freebsd.org
>Date: Wed, 31 Jul 2002 17:28:40 -0400
>
>Hi all,
>
>I am running into a problem using ipfw to do source-based
>routing.
>
>I am trying to forward traffic from a private IP address
>(172.17.1.5) to a gateway (192.168.215.15) via ANOTHER
>gateway running Freebsd/ipfw (rl0:192.168.200.240 and
>vr0:192.168.215.240). Now, this packet has already gone
>through a Cisco router with policy-based routing in place,
>so no NAT'ing is done to the packet -- static routes are in
>place on the Freebsd box to send the response back via the
>Cisco router.
>
>So! On the Freebsd box, I've got the following ipfw rule in
>place:
>
>650 fwd 192.168.215.15 ip from 172.17.1.5 to any in recv rl0
>
>When I try to ping a public address, say A.B.C.D, on the
>other side of 192.168.215.15 (it's got a public address on
>its outside interface), I receive "Destination Host
>Unreachable," i.e. ICMP 3.1 packets coming from
>192.168.200.240. Now, if I add a static route:
>
>route add -host A.B.C.D 192.168.215.15
>
>...it works, but this sort of defeats the purpose of
>source-based routing :) Clearly, I'm doing something wrong.
>Any ideas??

# man ipfw
[snip]
     fwd ipaddr[,port]
             Change the next-hop on matching packets to ipaddr, which can be
             an IP address in dotted quad or a host name.  If ipaddr is not a
             directly-reachable address, the route as found in the local
             routing table for that IP is used instead.
[snip]

>
>Matt
>mailing@novaconnect.net
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

--
Regards,
D. Penev
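
The next-hop rule quoted from ipfw(8) above, as an added example that is not part of the original message and not ipfw's own code: a small Python model of how a "fwd" target is resolved. The function name, the netmasks, and the default-gateway address 192.168.200.1 are assumptions constructed for illustration; the thread does not give them.

```python
import ipaddress

def effective_next_hop(fwd_target, interfaces, routes):
    """Model of the ipfw(8) wording: the fwd target is the next hop only if it
    sits on a directly connected network; otherwise the routing-table entry
    for that address is used instead.

    interfaces: {name: "addr/prefixlen"}; routes: [(destination_cidr, gateway)].
    Returns (next_hop, how), or (None, "unreachable") when nothing matches.
    """
    target = ipaddress.ip_address(fwd_target)
    # Directly reachable: the target falls inside an interface's own subnet.
    for name, cidr in interfaces.items():
        if target in ipaddress.ip_interface(cidr).network:
            return fwd_target, f"direct via {name}"
    # Not on-link: longest-prefix match in the local routing table.
    best = None
    for dest, gateway in routes:
        net = ipaddress.ip_network(dest)
        if target in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None, "unreachable"
    return best[1], f"routed via {best[0]}"

# Interface addresses are from the thread; every prefix length is assumed.
ON_LINK = {"rl0": "192.168.200.240/24", "vr0": "192.168.215.240/24"}
# Same addresses, but a narrower (assumed) mask on vr0: .15 is no longer on-link.
NARROW_MASK = {"rl0": "192.168.200.240/24", "vr0": "192.168.215.240/28"}
# Constructed routing table: a default route back towards the rl0 side.
ROUTES = [("0.0.0.0/0", "192.168.200.1")]

if __name__ == "__main__":
    for label, ifaces, table in (("vr0 /24", ON_LINK, ROUTES),
                                 ("vr0 /28", NARROW_MASK, ROUTES),
                                 ("vr0 /28, no routes", NARROW_MASK, [])):
        print(label, "->", effective_next_hop("192.168.215.15", ifaces, table))
```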