From owner-freebsd-i386@FreeBSD.ORG Wed Jul 25 10:20:02 2007
Message-Id: <200707251012.l6PACTgc010074@www.freebsd.org>
Date: Wed, 25 Jul 2007 10:12:29 GMT
From: Narek
To: freebsd-gnats-submit@FreeBSD.org
Subject: i386/114891: Policy Based Routing Problem (ipfw fwd)
X-Send-Pr-Version: www-3.0
List-Id: I386-specific issues for FreeBSD

>Number: 114891
>Category: i386
>Synopsis: Policy Based Routing Problem (ipfw fwd)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 25 10:20:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Narek
>Release: 6.2 RELEASE
>Organization: SIS
>Environment:
P4 2000 512MB RAM
Named, gateway, SSH, Snmp, Firewall (ipfw)
>Description:
I have a firewall/router with FreeBSD 6.2 installed on it, with 2 ISP connections and 2 LAN connections. I need to do policy-based routing. All I need is that packets coming from one ISP interface return to that interface (incoming connections’ source-based routing) and, on the other hand, to do IP-based routing from the LAN (some packets will go out via ISP 1, some others via ISP 2, depending on the IPs requested).

I tried to do that with ipfw fwd, but it didn’t work in any way (e.g. with ip.forwarding enabled or not). I've even disabled my static routes and default gw. It just does nothing.

Sample configs are:

    ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
    ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
    ipfw add fwd ISP_gw from any to any xmit ${eif}

I don’t use nat or proxy. I just need to route.
>How-To-Repeat: always
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: