Date: Fri, 19 May 2006 20:39:42 +0300
From: vladone <vladone@spaingsm.com>
To: ipfw@freebsd.org
Subject: Re[2]: IPFW - Two External Interfaces
Message-ID: <1482841695.20060519203942@spaingsm.com>
In-Reply-To: <996142470605182053j3cdd06b4v2f28a424edd0cbdc@mail.gmail.com>
References: <996142470605161456n46e43682x392b1f4f2ccfec73@mail.gmail.com> <001c01c67945$b770dfd0$af00a8c0@orange> <996142470605182053j3cdd06b4v2f28a424edd0cbdc@mail.gmail.com>

Hello PFS,

Friday, May 19, 2006, 6:53:57 AM, you wrote:

> On 5/16/06, Matthew <drinking.coffee@gmail.com> wrote:
>> I recommend you install tcptraceroute: /usr/ports/net/tcptraceroute/
>>
>> tcptraceroute will let you specify the interface so you can test your
>> configuration.
>>
>> For example, I have a FWD rule:
>> ipfw add 420 fwd 192.168.10.10 tcp from 84.16.244.0/24 to any
>>
>> [root@c3p0][~]$ tcptraceroute -s 84.16.244.178 -i gif0 www.google.com
>> Selected device gif0, address 84.16.244.178, port 12154 for outgoing packets
>> Tracing the path to www.google.com (72.14.203.99) on TCP port 80, 30 hops max
>> 1 192.168.10.10 (192.168.10.10) 107.013 ms 106.731 ms 106.697 ms
>> 2 fragw.gatewayrouter.net (84.16.224.1) 107.287 ms 107.211 ms 107.352 ms
>> 3 fragw1.gatewayrouter.net (217.20.117.10) 106.937 ms 107.240 ms 106.986 ms
>> 4 rtr-1.decix-germany.eweka.nl (80.81.192.224) 107.090 ms 107.509 ms 107.103 ms
>>
>> -- Matthew
>>
>>
> This really highlights my problem that traffic with a source ip of
> 192.168.1.1 isn't being forwarded properly to 192.168.1.254. I have
> removed all my NAT related rules for testing and have just the
> following:

> ipfw -f flush
> ipfw -f pipe flush
> ipfw add fwd 192.168.1.254 tcp from 192.168.1.1 to any
> ipfw add allow all from any to any

> When I do a tcptraceroute as outlined above:

> $sudo tcptraceroute -s 192.168.1.1 -i em0 google.com
> Selected device em0, address 192.168.1.1, port 56472 for outgoing packets
> Tracing the path to google.com (72.14.207.99) on TCP port 80, 30 hops max
> 1 * * *

> I get nowhere.

> I can get out just fine on bge1, since 192.168.2.254 is my default
> gateway on the machine.

> I am starting to feel like the fwd directive is simply broken on this
> machine... Could there be some kernel options that I'm missing? Are
> there any other places I should look for something silly that might be
> breaking forward? Again, this did in fact work with pf on this
> machine, due to "policy" I need to get it working in ipfw.

> Jared Baldridge
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
> "freebsd-ipfw-unsubscribe@freebsd.org"

And again from man ipfw:
"
..............
If ipaddr is not a local address, then the port number (if specified)
is ignored, and the packet will be forwarded to the remote address,
using the route as found in the local routing table for that IP.
...............
"
so, again about routes.

--
Best regards,
vladone mailto:vladone@spaingsm.com
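
The routing-table lookup that the quoted man page text describes, modelled in Python as an added example (not part of the original message and not FreeBSD's code). The addresses and interface names come from the thread; the /24 masks, the table contents and the function names are assumptions.

```python
import ipaddress

def resolve_fwd(next_hop, routes):
    """Longest-prefix match of an ipfw fwd target against a routing table.

    routes: (destination CIDR, gateway or None, interface) tuples, where a
    gateway of None marks a directly connected network.
    Returns (interface, gateway) for the best route, or None if none match.
    """
    hop = ipaddress.ip_address(next_hop)
    best = None
    for dest, gateway, iface in routes:
        net = ipaddress.ip_network(dest)
        if hop in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[2], best[1])

def check_fwd(next_hop, expected_iface, routes):
    """One-line verdict on where packets hit by `fwd next_hop` would leave."""
    found = resolve_fwd(next_hop, routes)
    if found is None:
        return "no route to %s" % next_hop
    iface, gateway = found
    if gateway is not None:
        return "%s is not on-link: sent to gateway %s on %s" % (next_hop, gateway, iface)
    if iface != expected_iface:
        return "%s is on-link on %s, expected %s" % (next_hop, iface, expected_iface)
    return "%s is on-link on %s" % (next_hop, iface)

# Constructed routing tables. Addresses and interface names are from the
# thread; the /24 masks are assumptions.
ROUTES_BOTH_NETS = [
    ("0.0.0.0/0", "192.168.2.254", "bge1"),   # default gateway on bge1
    ("192.168.1.0/24", None, "em0"),          # connected network on em0
    ("192.168.2.0/24", None, "bge1"),         # connected network on bge1
]
# Same table with the em0 network route missing (constructed failure case).
ROUTES_NO_EM0_NET = [r for r in ROUTES_BOTH_NETS if r[2] != "em0"]

if __name__ == "__main__":
    for label, table in (("both nets", ROUTES_BOTH_NETS),
                         ("em0 net missing", ROUTES_NO_EM0_NET)):
        print(label, "->", check_fwd("192.168.1.254", "em0", table))
```

On a live FreeBSD host the real table can be read with `netstat -rn` and compared against what the model predicts for the fwd target.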