From owner-freebsd-stable@FreeBSD.ORG  Thu Feb  6 00:54:54 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 66FA2B2
 for <freebsd-stable@freebsd.org>; Thu,  6 Feb 2014 00:54:54 +0000 (UTC)
Received: from mail-oa0-f49.google.com (mail-oa0-f49.google.com
 [209.85.219.49])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2DF281DC1
 for <freebsd-stable@freebsd.org>; Thu,  6 Feb 2014 00:54:53 +0000 (UTC)
Received: by mail-oa0-f49.google.com with SMTP id i7so1496099oag.36
 for <freebsd-stable@freebsd.org>; Wed, 05 Feb 2014 16:54:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=jtSSs9mcjbzRXJ4ejgKmZHwVlJYw1EMJ49OgfLJ/mhU=;
 b=bFIQN1OthhU8a4VXgug7RYtuHEyVgNhRbQvymirCU4HW6oFEHLAEXdEFKvtbs3LOXu
 oDcIM36gKvDaPDb1iT2aPXXegkRdkN0RNRYiGGmb+iagUf9QjA1TmSkcCQ3quvvvuzrw
 xwLJtacLDbDI8CQfe5Hnz2i7SHaFJQeJ9uNMrGeqsSdA5Ju29YwLO4lmTNUzGYi8a7z9
 0E1f+BG71Ztb9GuCL2n/7LvgzYg+tSgeXIhE8b9+IxwhZD49Rk9mV3fpAgtUpU/YPDdD
 j8KgkKSlNq4XE7VcP/29drvuv+JVEVhNEPK0YAh8pn3uGucaQ+6/OLO2DSyDlSBFFo10
 8/5A==
X-Gm-Message-State: ALoCoQnOGILa83TnjyJFmxCpZavrsEuaTqUdEoEvldA2neeBkrNws1bezzw5HMopGtKGhUgM03gm
MIME-Version: 1.0
X-Received: by 10.60.76.38 with SMTP id h6mr3085415oew.79.1391648087101; Wed,
 05 Feb 2014 16:54:47 -0800 (PST)
Received: by 10.60.21.8 with HTTP; Wed, 5 Feb 2014 16:54:47 -0800 (PST)
In-Reply-To: <8C9CDEF4-A44A-4207-BB87-DA3E7CF89917@jnielsen.net>
References: <8C9CDEF4-A44A-4207-BB87-DA3E7CF89917@jnielsen.net>
Date: Wed, 5 Feb 2014 16:54:47 -0800
Message-ID: <CAHu1Y71Gzxxbh-KvDBNwtyHBFVr7eeE91KZ9mGS1Pq7m=Y6UUw@mail.gmail.com>
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0
From: Michael Sierchio <kudzu@tenebras.com>
To: John Nielsen <lists@jnielsen.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>,
 "freebsd-stable@freebsd.org Stable" <freebsd-stable@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 00:54:54 -0000

compile a kernel with more than the default 2 FIB tables (16 for example), and

setfib 0 route add default $GATEWAY_A
setfib 1 route add default $GATEWAY_B
setfib 2 route add default $GATEWAY_C

[ ... ]

ipfw table 1 add $NET_LAN               0
ipfw table 1 add $NET_VOIP              2
ipfw table 1 add $NET_VPN               0
ipfw table 1 add $NET_WIFI              0
ipfw table 1 add $NET_GUEST             1
ipfw table 1 add $NET_SECURITY          0
ipfw table 1 add $NET_COMMON            1
ipfw table 1 add $NET_FINANCE           1
ipfw table 1 add $NET_CORE              2
ipfw table 1 add $NET_EVENT             0

[ ... ]

ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1