Date: Tue, 23 Jul 2002 12:24:08 -0700
From: rick norman
Subject: Re: IPFW Problem with Aliases on single Interface
To: freebsd-ipfw@FreeBSD.ORG
Message-id: <3D3DAD58.BD3DF3B2@lmco.com>
References: <20020723185403.24782.qmail@web13102.mail.yahoo.com> <3D3DA7F0.30607@tenebras.com>

Michael Sierchio wrote:

> Netmetrica corp wrote:
> > I'm running BSD4.5 with one ethernet interface. That
> > interface has multiple IP aliases. I would like to
> > give each IP address a separate ingress and egress
> > rule. Or in other words I want different subnets to
> > be treated separately if those subnets are aliases
> > on the same physical interface.
> > However, the IPFW takes a shortcut and it seems to
> > just use the single outgoing interface instead of
> > the multiple IP addresses that are assigned to that
> > interface. Is there a reason that this feature is not
> > supported other than speed?
>
> It's not ipfw, but IP that does this. This is the case on
> every platform, in every implementation I know. All outbound
> traffic will go out the primary interface on the same net,
> even if they are separate physical interfaces. There
> is a way to do what you intend with a combination of ipfw and natd,
> and it gets fairly hairy.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

I think there is a limitation in ipfw that prohibits writing rules
for next hop outbound aliased subnets. In 4.5 there seems to be a
limitation that won't allow pkts being routed out on different subnets
to be treated separately if those subnets are aliases on the same
physical interface. I would like to see a solution to this problem also.

--
"In the Big Rock Candy Mountains the jails are made of tin,
And you can walk right out again as soon as you are in
There ain't no short-handled shovels, no axes, saws or picks,
I'm a-goin' to stay where you sleep all day
Where they hung the jerk that invented work
In the Big Rock Candy Mountains"

wk: 408 742 1619     rick.norman@lmco.com
hm: 650 726 0677     rnorman@ikaika.com
cell: 650 303 3877