Date: Wed, 31 Dec 2003 14:00:11 +0100 From: Paul Schenkeveld <fb-net@psconsult.nl> To: freebsd-net@freebsd.org Subject: Re: Source Routing Message-ID: <20031231130011.GA91135@psconsult.nl> In-Reply-To: <20031231114811.93320.qmail@web21509.mail.yahoo.com> References: <20031231093129.GB47633@FreeBSD.org.ua> <20031231114811.93320.qmail@web21509.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote: > You know I Use ipf with for example pass xl1:1.2.3.4 > from 1.2.3.5/24 to any > BUT, The Problem is that when I use this, the 1.2.3.5 > cannot access the local IPs, > Without looking at routing tables of the router it > QUICKLY passes it to the NEW gateway. FWIW, I usually do all filtering using ipf but at one site I'm administering I had to do source routing so I implemented the routing part with ipfw and the (stateful) filtering with ipf. This works great there. If needed, I can dig up some config next week and post it here. Regards, Paul Schenkeveld, Consultant PSconsult ICT Services BV > Thanks > AFShhin > > > --- Ruslan Ermilov <ru@FreeBSD.org> wrote: > > On Tue, Dec 30, 2003 at 11:25:46AM -0800, afshin > > wrote: > > > > > > > What is missing in ipfw(8) and its ``fwd'' > > option > > > > from being a > > > > successful implementation of policy routing? > > > > > > > > - by using the match probability feature, you > > can > > > > implement > > > > the equal-access routing; > > > > > > > > - by checking the source IP adress, you can > > > > implement > > > > the source-sensitive routing; > > > > > > > > - by checking the IP TOS field, you can > > implement > > > > the > > > > quality-of-service routing; > > > > > > > > - etc. > > > > > > > > > > Dear Ruslan, > > > Yes, That is what I really want, But it didn't > > worked > > > when I tried it. > > > Would you mind please give me an working example > > of it > > > ? > > > Really thank you all in advance, > > > AFShin (AAS) > > > > > Sorry, but I don't have one to share. Those that I > > have > > are proprietary. But we could work with your > > examples > > to a level to make them work. ;) > > > > > > Cheers, > > -- > > Ruslan Ermilov > > FreeBSD committer > > ru@FreeBSD.org > > > > > ATTACHMENT part 2 application/pgp-signature > > > > __________________________________ > Do you Yahoo!? > Find out what made the Top Yahoo! Searches of 2003 > http://search.yahoo.com/top2003 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031231130011.GA91135>