Message-ID: <45148856.8020109@elischer.org>
Date: Fri, 22 Sep 2006 18:05:26 -0700
From: Julian Elischer
To: Jean-Yves Avenard
Cc: freebsd-net@freebsd.org
Subject: Re: Issue with IPFW forward

Jean-Yves Avenard wrote:

> Hello
>
> I apologize in advance if this is not the right place to ask, in which
> case could you point me where would be the right place?
>
> I've been trying to use two ADSL connections on the same machine, and
> that it will answer traffic using the same connection it went through
>
> Unfortunately, I can't get it to work.
>
> A more accurate description of my system:
>
> FreeBSD 6.1
> two PPPoE links
>
> ifconfig:
> tun1: flags=8051 mtu 1492
>         inet 1.1.1.1 --> 10.10.10.10 netmask 0xffffffff
> tun2: flags=8051 mtu 1492
>         inet 2.2.2.2 --> 20.20.20.20 netmask 0xffffffff
>
> netstat -rn would give me:
>
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            10.10.10.10        UGS         0     4344   tun1
> 20.20.20.20        2.2.2.2            UH          0        6   tun2
>
> I then added:
> ipfw add 10 fwd 20.20.20.20 log ip from 2.2.2.2 to any
> ipfw add 20 allow ip from any to any
>
> if on a remote machine I do:
> ping 2.2.2.2, nothing comes back
> however, I can see the IPFW counter increasing while the ping command
> is running.
>
> If I try to ssh to 2.2.2.2, in the log I see:
> Sep 22 19:08:32 gateway kernel: ipfw: 10 Forward to 20.20.20.20 TCP
> 2.2.2.2:22 203.214.80.131:38069 out via tun1
>
> As you can see, it is still trying to go through tun1 when I believe
> it should go through tun2!
>
> I can ping 20.20.20.20 without issues from the freebsd server, so I
> believe the static route there is okay.
>
> Have I missed something obvious?
> Thanks for helping me out

There is a stupid option in 6.1 (that I have removed in 6.2) called
IPFIREWALL_FORWARD_EXTENDED (check the spelling). If you don't have it,
you cannot forward any packet that has a local address as either the
source or destination...

See if setting it fixes your problem. In 6.2 you shouldn't have to worry
about it (certainly in 7.0).

julian

> JY