From: "Luiz Otavio O Souza"
To: "Eduardo Meyer"
Date: Fri, 16 Jan 2009 10:50:37 -0200
Subject: Re: Multiple Routing Tables (FIB) + IPFW problem as (I?) expected

> Hello,
>
> I am trying the new FIB stuff on -STABLE with IPFW, I made many tests
> and it did not work as I expected.
>
> Quick testing:
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> # setfib -1 lynx -dump http://www.whatismyip.org
> 189.52.141.2
>
> # setfib -2 lynx -dump http://www.whatismyip.org
> 201.91.92.154
>
> # ipfw -q flush
> # ipfw add 1 setfib 1 all from any to any
> 00001 setfib 1 ip from any to any
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> Check for counters:
>
> # ipfw -q add 2 allow all from any to any fib 1
> # ipfw show
> 00001 388599 139653215 setfib 1 ip from any to any
> 00002 4253 2221474 allow ip from any to any fib 1
> 65535 2419650 983279227 allow ip from any to any
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> # setfib -1 lynx -dump http://www.whatismyip.org
> 189.52.141.2
>
> Is anything wrong with my concepts? I would like to know if -CURRENT
> has the same behavior, can someone please test?
>
> --
> ===========
> Eduardo Meyer
> personal: dudu.meyer@gmail.com
> professional: ddm.farmaciap@saude.gov.br

Eduardo,

This will not work this way...

The socket used by lynx (in this case) gets its data routed by the default fib table (1) before ipfw can see the packet.
When the ipfw rule is applied the packet is already routed and you won't get what you want.

As far as I know (not too much :)) you will need to use the fwd rules to redirect the local packets.

Setfib rules work for packets that are coming from an interface and need to be routed to another (non-local traffic). Setfib will not re-route the packet.

Luiz
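A simplified model of the ordering described in the reply above, added here as an illustration; it is not part of the original message and not FreeBSD code. It shows why rule 2's `fib 1` counter grows while the egress address of a local process stays the same. The FIB-to-address mapping reuses the outputs quoted in the thread; all class and function names are hypothetical, and treating the plain `lynx` run as the "default" table is an assumption.

```python
# Simplified model of route-lookup vs. ipfw ordering; not FreeBSD kernel code.
# Egress addresses are the ones quoted in the thread for each routing table.
EGRESS_BY_FIB = {"default": "200.165.75.10", 1: "189.52.141.2", 2: "201.91.92.154"}

class Ipfw:
    """Models the two rule kinds used in the thread: 'setfib N' and 'allow ... fib N'."""
    def __init__(self, rules):
        self.rules = rules                          # list of (number, action, fib)
        self.counters = {num: 0 for num, _, _ in rules}

    def run(self, pkt):
        for num, action, fib in self.rules:
            if action == "setfib":                  # tag the packet, keep evaluating
                self.counters[num] += 1
                pkt["fib"] = fib
            elif action == "allow-fib" and pkt["fib"] == fib:
                self.counters[num] += 1             # matches on the tag only
                return pkt
        return pkt                                  # falls through to the default allow

def local_output(fw, process_fib="default"):
    """Locally originated packet: the route is chosen from the socket's FIB first."""
    pkt = {"fib": process_fib}
    pkt["egress"] = EGRESS_BY_FIB[pkt["fib"]]       # 1. route lookup
    fw.run(pkt)                                     # 2. ipfw sees an already routed packet
    return pkt

def forwarded(fw):
    """Transit packet: ipfw runs on input, before the forwarding lookup."""
    pkt = {"fib": "default"}
    fw.run(pkt)                                     # 1. ipfw input pass tags the packet
    pkt["egress"] = EGRESS_BY_FIB[pkt["fib"]]       # 2. route lookup honours the tag
    return pkt

def demo():
    fw = Ipfw([(1, "setfib", 1), (2, "allow-fib", 1)])
    plain = local_output(fw)                        # like: lynx -dump ...
    wrapped = local_output(fw, process_fib=1)       # like: setfib -1 lynx -dump ...
    transit = forwarded(fw)                         # non-local traffic
    return plain, wrapped, transit, fw.counters

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the model, the plain local packet ends up tagged with FIB 1 (so the `fib 1` rule counts it) but still leaves via the default table's address, which matches the counters and outputs quoted in the thread.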