Date: Fri, 16 Jan 2009 10:50:37 -0200 From: "Luiz Otavio O Souza" <lists.br@gmail.com> To: "Eduardo Meyer" <dudu.meyer@gmail.com>, <net@freebsd.org> Subject: Re: Multiple Routing Tables (FIB) + IPFW problem as (I?) expected Message-ID: <43745E4B2C034B1F8657F115B9E5DDA8@adnote989> References: <d3ea75b30901160414x353c9fb2ke1f31489bb8d5107@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hello, > > I am trying the new FIB stuff on -STABLE with IPFW, I made many tests > and it did not work as I expected. > > Quick testing: > > # lynx -dump http://www.whatismyip.org > 200.165.75.10 > > # setfib -1 lynx -dump http://www.whatismyip.org > 189.52.141.2 > > # setfib -2 lynx -dump http://www.whatismyip.org > 201.91.92.154 > > # ipfw -q flush > # ipfw add 1 setfib 1 all from any to any > 00001 setfib 1 ip from any to any > > # lynx -dump http://www.whatismyip.org > 200.165.75.10 > > Check for counters: > > # ipfw -q add 2 allow all from any to any fib 1 > # ipfw show > 00001 388599 139653215 setfib 1 ip from any to any > 00002 4253 2221474 allow ip from any to any fib 1 > 65535 2419650 983279227 allow ip from any to any > > # lynx -dump http://www.whatismyip.org > 200.165.75.10 > > # setfib -1 lynx -dump http://www.whatismyip.org > 189.52.141.2 > > Is anything wrong with my concepts? I would like to know if -CURRENT > has the same behavior, can someone please test? > > -- > =========== > Eduardo Meyer > pessoal: dudu.meyer@gmail.com > profissional: ddm.farmaciap@saude.gov.br Eduardo, This will not work this way... The socket used by lynx (in this case) get its data is routed by the default fib table (1) before ipfw can see the packet. When ipfw rule is applied the packet is already routed and you wont get what you want. As far as i know (not too much :)) you will need to use the fwd rules to redirect the local packets. Setfib rules work for packets that are comming from an interface and need to be routed to another (non local traffic). Setfib will not re-route the packet. Luiz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43745E4B2C034B1F8657F115B9E5DDA8>