From owner-freebsd-ipfw@FreeBSD.ORG  Mon Dec 20 18:33:38 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9219B16A4CE
	for <freebsd-ipfw@freebsd.org>; Mon, 20 Dec 2004 18:33:38 +0000 (GMT)
Received: from msmisps01.bonddesk.com (msmisps01.bonddesk.com [12.47.70.99])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E6B3E43D41
	for <freebsd-ipfw@freebsd.org>; Mon, 20 Dec 2004 18:33:37 +0000 (GMT)
	(envelope-from csmith@bonddesk.com)
Received: from 10.133.16.21 ([10.133.16.21]) by mimail.bdg.local
	([10.132.16.100]) with Microsoft Exchange Server HTTP-DAV ;
	Mon, 20 Dec 2004 18:33:36 +0000
Received: from csmith-dt.bdg.local by mimail.bdg.local;
	20 Dec 2004 13:33:36 -0500
From: Corey Smith <csmith@bonddesk.com>
To: Darcy Buskermolen <darcy@wavefire.com>
In-Reply-To: <200412171431.12983.darcy@wavefire.com>
References: <1103315143.35576.127.camel@localhost>
	 <200412171431.12983.darcy@wavefire.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Mon, 20 Dec 2004 13:33:36 -0500
Message-Id: <1103567616.35576.143.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.2 FreeBSD GNOME Team Port 
cc: freebsd-ipfw@freebsd.org
Subject: Re: Per flow load balancing
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: csmith@bonddesk.com
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Dec 2004 18:33:38 -0000

On Fri, 2004-12-17 at 14:31 -0800, Darcy Buskermolen wrote:
> Yes you can do this through the use of keep-state/check-state
> 

I'm trying a rule base like:

00005	check-state
00006	allow udp from any to any
00007	allow icmp from any to any
00010	reject tcp from any to any established
00015	prob 0.5 fwd tun1peerip tcp from any to any \
	recv bge0 xmit tun0 setup keep-state
00020	allow tcp from any to any setup keep-state
65535	allow ip from any to any

Unfortunately no connections ever match rule 15.  Any way you can show
me an example of using keep-state/check-state for per flow load
balancing?

-Corey Smith