From owner-freebsd-ipfw@FreeBSD.ORG  Thu Feb  6 00:54:54 2014
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 57C82B1
 for <freebsd-ipfw@freebsd.org>; Thu,  6 Feb 2014 00:54:54 +0000 (UTC)
Received: from mail-oa0-f43.google.com (mail-oa0-f43.google.com
 [209.85.219.43])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1C05F1DC0
 for <freebsd-ipfw@freebsd.org>; Thu,  6 Feb 2014 00:54:53 +0000 (UTC)
Received: by mail-oa0-f43.google.com with SMTP id h16so1497028oag.30
 for <freebsd-ipfw@freebsd.org>; Wed, 05 Feb 2014 16:54:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=jtSSs9mcjbzRXJ4ejgKmZHwVlJYw1EMJ49OgfLJ/mhU=;
 b=lm4/7JxNLpxYO8ZfdjHvDT0EsFXqqGrmOxIEHsYi28Wj6+bC+duAvTnbhxCSppmWAG
 DxDaZ5uMN9py6G00Bc8KuT6HfcOjeHZ8ZjhYN/es9PfAzGSHPwJCn+903/gd4gZfSfud
 n5gThT01Kt/svnH8AIKg5EuYE7rP2xhKKog/+3xWZq7ZqHwnHzpsKGO2ffNbWrTK7SV8
 h9SvlxuB3yI+wHjZtvHgI4zQ1l4zI10tzaz8+z2OyRKEzhJsGxNr14hA0sgszRirjKCy
 VpxHIm60o0yoWGJ2AS/8XZ3vudddDj4ShzTChCGSi3swKqSwSrrhFQgmaAPV9bxRuXfm
 biHw==
X-Gm-Message-State: ALoCoQmWhCptmCUF4/NY4rhGsumZTPrwOkcz6VtHGXf/AzuLM8EKyu2PK22UtRSKqFyt2ME7cF6Z
MIME-Version: 1.0
X-Received: by 10.60.76.38 with SMTP id h6mr3085415oew.79.1391648087101; Wed,
 05 Feb 2014 16:54:47 -0800 (PST)
Received: by 10.60.21.8 with HTTP; Wed, 5 Feb 2014 16:54:47 -0800 (PST)
In-Reply-To: <8C9CDEF4-A44A-4207-BB87-DA3E7CF89917@jnielsen.net>
References: <8C9CDEF4-A44A-4207-BB87-DA3E7CF89917@jnielsen.net>
Date: Wed, 5 Feb 2014 16:54:47 -0800
Message-ID: <CAHu1Y71Gzxxbh-KvDBNwtyHBFVr7eeE91KZ9mGS1Pq7m=Y6UUw@mail.gmail.com>
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0
From: Michael Sierchio <kudzu@tenebras.com>
To: John Nielsen <lists@jnielsen.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>,
 "freebsd-stable@freebsd.org Stable" <freebsd-stable@freebsd.org>
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 00:54:54 -0000

compile a kernel with more than the default 2 FIB tables (16 for example), and

setfib 0 route add default $GATEWAY_A
setfib 1 route add default $GATEWAY_B
setfib 2 route add default $GATEWAY_C

[ ... ]

ipfw table 1 add $NET_LAN               0
ipfw table 1 add $NET_VOIP              2
ipfw table 1 add $NET_VPN               0
ipfw table 1 add $NET_WIFI              0
ipfw table 1 add $NET_GUEST             1
ipfw table 1 add $NET_SECURITY          0
ipfw table 1 add $NET_COMMON            1
ipfw table 1 add $NET_FINANCE           1
ipfw table 1 add $NET_CORE              2
ipfw table 1 add $NET_EVENT             0

[ ... ]

ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1