From owner-freebsd-ipfw  Tue Jul 23 12: 1: 8 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1746737B400
	for <freebsd-ipfw@freebsd.org>; Tue, 23 Jul 2002 12:01:06 -0700 (PDT)
Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18])
	by mx1.FreeBSD.org (Postfix) with SMTP id 9B77B43E31
	for <freebsd-ipfw@freebsd.org>; Tue, 23 Jul 2002 12:01:05 -0700 (PDT)
	(envelope-from kudzu@tenebras.com)
Received: (qmail 74985 invoked from network); 23 Jul 2002 19:01:04 -0000
Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241)
  by 0 with SMTP; 23 Jul 2002 19:01:04 -0000
Message-ID: <3D3DA7F0.30607@tenebras.com>
Date: Tue, 23 Jul 2002 12:01:04 -0700
From: Michael Sierchio <kudzu@tenebras.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020717
X-Accept-Language: en-us, en, fr-fr, ru
MIME-Version: 1.0
To: Netmetrica corp <netmetrica@yahoo.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW Problem with Aliases on single Interface
References: <20020723185403.24782.qmail@web13102.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

Netmetrica corp wrote:
> I'm running BSD4.5 with one ethernet interface.  that
> interface has multiple IP aliases.  I would like to
> give each IP address a seperate ingress and egress
> rule.  or in other words I want different subnets to
> be treated separately if those subnets are aliases
> on the same physical interface.  
> However, the IPFW takes a shortcut and it seems to
> just use the the single outgoing interface instead of
> the multiple IP address that are assigned to that
> interface.  Is there a reason that this feature is not
> supported other than speed?

It's not ipfw, but IP that does this.  This is the case on
every platform, in every implementation I know.  All outbound
traffic will go out the primary interface on the same net,
even if they are separate physical interfaces.  There
is a way to do what you intend with a combination of ipfw and natd,
and it gets fairly hairy.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message