Date: Mon, 6 Jul 2009 10:36:18 +0200
From: Kim Attree <kim.attree@playsafesa.com>
To: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject: Problem with source based policy routing
Message-ID: <00265389C30B444288C246DF37651D0C37637A1893@server-02.playsafesa.com>
Hey Guys,

I'm having a problem with source-based policy routing in IPFW. I'm trying to run a load-balanced SMTP system over two links.

Primary link is re0, let's give it an IP of 192.168.1.1
Secondary link is re1, with an IP of 192.168.2.1
Default gateway for the box is 192.168.1.254 (so ALL outgoing traffic goes out of re0, unless hardcoded into the routing table for destinations instead)
Default gateway for re1 is 192.168.2.254

I want re1 to be able to accept SMTP, but respond to the originating IP over the same link re1 (instead of the default gateway).

With this in mind, I set up my NAT accordingly:

<snip>
port 8669
alias_address 192.168.2.1
same_ports yes
use_sockets yes
log_ipfw_denied yes
redirect_port tcp 10.0.0.1:25 192.168.2.1:25
</snip>

And the IPFW rules as such:

<snip>
# NATD Statements
add 00097 divert 8668 all from any to any via re0
add 00097 divert 8669 all from any to any via re1

# Testing incoming SMTP over re1
add 00098 skipto 00100 tcp from any to not 192.168.2.1
add 00099 fwd 192.168.2.254 tcp from any to any
</snip>

Tcpdump shows packets coming in:

<snip>
#> tcpdump -n -i re1 port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re1, link-type EN10MB (Ethernet), capture size 96 bytes
11:15:41.594659 IP xxx.xxx.xxx.xxx.2097 > 192.168.2.1.25: S 842708044:842708044(0) win 65535 <mss 1300,nop,nop,sackOK>
11:15:44.596798 IP xxx.xxx.xxx.xxx.2097 > 192.168.2.1.25: S 842708044:842708044(0) win 65535 <mss 1300,nop,nop,sackOK>
11:15:50.617271 IP xxx.xxx.xxx.xxx.2097 > 192.168.2.1.25: S 842708044:842708044(0) win 65535 <mss 1300,nop,nop,sackOK>
^C
3 packets captured
566 packets received by filter
0 packets dropped by kernel
</snip>

But nothing going out. What am I doing wrong???
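The quickest way to reason about a ruleset like the one quoted above is to trace, rule by rule, what happens to the inbound SYN and to the reply that 10.0.0.1 sends back. The following is an added example, not code from the post or from FreeBSD: a toy evaluator for exactly the four posted rules, run over constructed packets. It models three pieces of ipfw(8) behaviour (a divert re-injects the packet at the rule after the divert, skipto continues at the first rule numbered at or above the target, and fwd and allow both terminate the search). Everything beyond the posted rules is an assumption and is marked as such in the code: the translation natd on port 8669 performs (derived from the posted redirect_port and alias_address), a plain allow standing in for whatever sits at rule 100, a no-op for the natd instance on 8668 whose configuration the post does not show, 203.0.113.7 in place of the masked xxx.xxx.xxx.xxx, and em0 as the internal interface facing 10.0.0.1.

```python
# Added example, not code from the original post: a toy evaluator for the four
# ipfw rules quoted above, traced over constructed packets so you can see which
# rule each packet actually hits.  Everything below the rules themselves (natd
# behaviour, the rule at 100, interface and address names) is assumed.
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", ...
    src: str
    sport: int
    dst: str
    dport: int
    iface: str   # interface the packet arrived on (input pass) or leaves through (output pass)


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                    # divert / skipto / fwd / allow
    arg: str = ""                  # divert port, skipto target, or fwd next-hop
    proto: str = "all"             # "all" or a protocol name
    dst_not: Optional[str] = None  # "to not <addr>"
    via: Optional[str] = None      # "via <iface>"

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "all" and pkt.proto != self.proto:
            return False
        if self.via is not None and pkt.iface != self.via:
            return False
        if self.dst_not is not None and pkt.dst == self.dst_not:
            return False
        return True


# The ruleset as posted.  Rule 100 is an assumption: the post shows nothing at the
# skipto target, so a plain "allow" stands in for whatever accepts traffic there.
RULES: List[Rule] = [
    Rule(97, "divert", "8668", via="re0"),
    Rule(97, "divert", "8669", via="re1"),
    Rule(98, "skipto", "100", proto="tcp", dst_not="192.168.2.1"),
    Rule(99, "fwd", "192.168.2.254", proto="tcp"),
    Rule(100, "allow"),
]


def natd_8669(pkt: Packet) -> Packet:
    """Assumed effect of the posted natd instance on port 8669
    (alias_address 192.168.2.1, redirect_port tcp 10.0.0.1:25 192.168.2.1:25)."""
    if pkt.proto == "tcp" and pkt.dst == "192.168.2.1" and pkt.dport == 25:
        return replace(pkt, dst="10.0.0.1")       # inbound: redirect to the SMTP host
    if pkt.proto == "tcp" and pkt.src == "10.0.0.1" and pkt.sport == 25:
        return replace(pkt, src="192.168.2.1")    # outbound: reverse translation
    return pkt


# natd on 8668 is not shown in the post, so it is modelled as a no-op here.
NATD: Dict[str, Callable[[Packet], Packet]] = {"8669": natd_8669}


def trace(pkt: Packet) -> Tuple[List[str], Packet, Optional[str]]:
    """Walk RULES for one firewall pass.  Returns (rules hit, packet after NAT,
    fwd next-hop or None).  Modelled ipfw semantics: divert re-injects at the rule
    after the divert, skipto jumps to the first rule numbered >= target, and
    fwd/allow terminate the search."""
    hits: List[str] = []
    nexthop: Optional[str] = None
    i = 0
    while i < len(RULES):
        rule = RULES[i]
        if not rule.matches(pkt):
            i += 1
            continue
        hits.append(f"{rule.num:05d} {rule.action} {rule.arg}".rstrip())
        if rule.action == "divert":
            pkt = NATD.get(rule.arg, lambda p: p)(pkt)
            i += 1
        elif rule.action == "skipto":
            target = int(rule.arg)
            i = next((j for j, r in enumerate(RULES) if r.num >= target), len(RULES))
        elif rule.action == "fwd":
            nexthop = rule.arg
            break
        else:  # allow
            break
    return hits, pkt, nexthop


# Constructed packets.  203.0.113.7 stands in for the masked xxx.xxx.xxx.xxx in the
# tcpdump output; "em0" is an assumed internal interface facing 10.0.0.1.
INBOUND_SYN = Packet("tcp", "203.0.113.7", 2097, "192.168.2.1", 25, "re1")
REPLY_INPUT_PASS = Packet("tcp", "10.0.0.1", 25, "203.0.113.7", 2097, "em0")
REPLY_OUTPUT_PASS = Packet("tcp", "10.0.0.1", 25, "203.0.113.7", 2097, "re0")  # routed via default gw
UNTRANSLATED_TO_RE1 = Packet("tcp", "203.0.113.7", 40000, "192.168.2.1", 80, "re1")


if __name__ == "__main__":
    for name, pkt in [("inbound SYN on re1", INBOUND_SYN),
                      ("reply, input pass", REPLY_INPUT_PASS),
                      ("reply, output pass on re0", REPLY_OUTPUT_PASS),
                      ("tcp/80 to 192.168.2.1 on re1", UNTRANSLATED_TO_RE1)]:
        hits, out, nh = trace(pkt)
        print(f"{name}: {' -> '.join(hits)}; dst after NAT {out.dst}; fwd next-hop {nh}")
```

Under these assumptions the trace shows that the reply from 10.0.0.1 takes the skipto at rule 98 on both the input pass and the output pass, because its destination is the remote address and not 192.168.2.1, so rule 99 is never evaluated for it. The only TCP packets that reach the fwd rule are those still addressed to 192.168.2.1 after natd, which is worth checking against the intent of forcing the responses out through 192.168.2.254.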