Date: Fri, 22 Sep 2006 18:05:26 -0700
From: Julian Elischer <julian@elischer.org>
To: Jean-Yves Avenard <jyavenard@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Issue with IPFW forward
Message-ID: <45148856.8020109@elischer.org>
In-Reply-To: <cb44e8370609221728t2c20f5cfp7b9f914858225e91@mail.gmail.com>
References: <cb44e8370609221728t2c20f5cfp7b9f914858225e91@mail.gmail.com>

Jean-Yves Avenard wrote:
> Hello
>
> I apologize in advance if this is not the right place to ask, in which
> case could you point me where would be the right place?
>
>
> I've been trying to use two ADSL connections on the same machine, and
> that it will answer traffic using the same connection it went through
>
> Unfortunately, I can't get it to work.
>
> A more accurate description of my system:
>
> FreeBSD 6.1
> two PPPoE links
>
> ifconfig:
> tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>        inet 1.1.1.1 --> 10.10.10.10 netmask 0xffffffff
> tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>        inet 2.2.2.2 --> 20.20.20.20 netmask 0xffffffff
>
> netstat -rn would give me:
>
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            10.10.10.10        UGS         0     4344   tun1
> 20.20.20.20        2.2.2.2            UH          0        6   tun2
>
> I then added:
> ipfw add 10 fwd 20.20.20.20 log ip from 2.2.2.2 to any
> ipfw add 20 allow ip from any to any
>
> if on a remote machine I do:
> ping 2.2.2.2, nothing comes back
> however, I can see the IPFW counter increasing while the ping command
> is running.
>
> If I try to ssh to 2.2.2.2, in the log I see:
> Sep 22 19:08:32 gateway kernel: ipfw: 10 Forward to 20.20.20.20 TCP
> 2.2.2.2:22 203.214.80.131:38069 out via tun1
>
> As you can see, it is still trying to go through tun1 when I believe
> it should go through tun2!
>
> I can ping 20.20.20.20 without issues from the FreeBSD server, so I
> believe the static route there is okay.
>
> Have I missed something obvious?
> Thanks for helping me out

There is a stupid option in 6.1 (that I have removed in 6.2) called
IPFIREWALL_FORWARD_EXTENDED (check the spelling). If you don't have it you
cannot forward any packet that has a local address as either the source
or destination...

See if setting it fixes your problem. In 6.2 you shouldn't have to worry
about it (certainly in 7.0).

julian

> JY
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"