From owner-freebsd-net@FreeBSD.ORG Wed Dec 31 05:00:17 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6434A16A4CE for ; Wed, 31 Dec 2003 05:00:17 -0800 (PST) Received: from phuket.psconsult.nl (ps226.psconsult.nl [213.222.19.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0AF143D60 for ; Wed, 31 Dec 2003 05:00:13 -0800 (PST) (envelope-from paul@phuket.psconsult.nl) Received: from phuket.psconsult.nl (localhost [127.0.0.1]) by phuket.psconsult.nl (8.12.6p3/8.12.6) with ESMTP id hBVD0CGB091484 for ; Wed, 31 Dec 2003 14:00:12 +0100 (CET) (envelope-from paul@phuket.psconsult.nl) Received: (from paul@localhost) by phuket.psconsult.nl (8.12.6p3/8.12.6/Submit) id hBVD0B8N091483 for freebsd-net@freebsd.org; Wed, 31 Dec 2003 14:00:11 +0100 (CET) Date: Wed, 31 Dec 2003 14:00:11 +0100 From: Paul Schenkeveld To: freebsd-net@freebsd.org Message-ID: <20031231130011.GA91135@psconsult.nl> Mail-Followup-To: freebsd-net@freebsd.org References: <20031231093129.GB47633@FreeBSD.org.ua> <20031231114811.93320.qmail@web21509.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031231114811.93320.qmail@web21509.mail.yahoo.com> User-Agent: Mutt/1.5.4i Subject: Re: Source Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Dec 2003 13:00:17 -0000 On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote: > You know I Use ipf with for example pass xl1:1.2.3.4 > from 1.2.3.5/24 to any > BUT, The Problem is that when I use this, the 1.2.3.5 > cannot access the local IPs, > Without looking at routing tables of the router it > QUICKLY passes it to the NEW gateway. FWIW, I usually do all filtering using ipf but at one site I'm administering I had to do source routing so I implemented the routing part with ipfw and the (stateful) filtering with ipf. This works great there. If needed, I can dig up some config next week and post it here. Regards, Paul Schenkeveld, Consultant PSconsult ICT Services BV > Thanks > AFShhin > > > --- Ruslan Ermilov wrote: > > On Tue, Dec 30, 2003 at 11:25:46AM -0800, afshin > > wrote: > > > > > > > What is missing in ipfw(8) and its ``fwd'' > > option > > > > from being a > > > > successful implementation of policy routing? > > > > > > > > - by using the match probability feature, you > > can > > > > implement > > > > the equal-access routing; > > > > > > > > - by checking the source IP adress, you can > > > > implement > > > > the source-sensitive routing; > > > > > > > > - by checking the IP TOS field, you can > > implement > > > > the > > > > quality-of-service routing; > > > > > > > > - etc. > > > > > > > > > > Dear Ruslan, > > > Yes, That is what I really want, But it didn't > > worked > > > when I tried it. > > > Would you mind please give me an working example > > of it > > > ? > > > Really thank you all in advance, > > > AFShin (AAS) > > > > > Sorry, but I don't have one to share. Those that I > > have > > are proprietary. But we could work with your > > examples > > to a level to make them work. ;) > > > > > > Cheers, > > -- > > Ruslan Ermilov > > FreeBSD committer > > ru@FreeBSD.org > > > > > ATTACHMENT part 2 application/pgp-signature > > > > __________________________________ > Do you Yahoo!? > Find out what made the Top Yahoo! Searches of 2003 > http://search.yahoo.com/top2003 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"