Problem matching packets 'via' IP alias

Mads Forsberg foppa at mail.dk
Sat Jul 10 21:15:24 PDT 2004


Hello, I have a problem matching the traffic the way I want in the following setup:

/etc/rc.conf:
<snip>
#WAN interface
ifconfig_xl0="DHCP"
#LAN interface and alias
ifconfig_xl1="inet 10.0.0.1 netmask 255.0.0.0"
ifconfig_xl1_alias0="inet 10.0.0.2 netmask 255.255.255.255"
<snip>

/etc/rc.firewall:
<snip>
${fwcmd} add 100 count all from any to any via 10.0.0.1
${fwcmd} add 200 count all from any to any via 10.0.0.2
${fwcmd} add 500 divert natd all from any to any via xl0
<snip>

The clients on the network can choose to use either 10.0.0.1 or the alias 10.0.0.2 as their default gateway.
I need the firewall to divert the traffic coming in on 10.0.0.1 to one natd, and the traffic coming in on 10.0.0.2 to another natd.
I have added rules 100 and 200 to try to match the traffic the way I want, but all traffic matches both rule 100 and rule 200, regardless of which IP the clients use as their default gateway. Most examples use the via keyword with an interface name, but according to the ipfw manpage, using an IP address with the via keyword should also be possible.

Any help would be greatly appreciated!
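The following is an added example, not part of the original post and not code from ipfw or FreeBSD. It is a small Python model of the matching semantics ipfw(8) documents for `via`: an IP address given to `via` is resolved to the interface that carries it, and the rule then matches every packet received or transmitted on that interface. With the rc.conf above, both 10.0.0.1 and 10.0.0.2 live on xl1, so rules 100 and 200 both name xl1 and both count every LAN packet. The model also checks the other thing a practitioner would reach for, `dst-ip <gateway>`, and shows why it cannot help either: a client's choice of default gateway only decides the layer-2 next hop, and the IP header still carries the remote destination. The client addresses, the remote server address and the WAN address on xl0 are constructed sample values.

```python
# Added example (not from the original post, ipfw or FreeBSD): a model of
# how ipfw's "via" option selects packets, used to show why rules 100 and
# 200 in the post both count every packet crossing xl1.
#
# Per ipfw(8), "via" takes an interface name, a wildcard, or an IP address;
# an address is resolved to the interface that carries it, and the rule then
# matches packets received or transmitted on that interface.
from dataclasses import dataclass
from typing import Optional

# Constructed interface table mirroring the rc.conf snippet in the post.
# The xl0 address is an assumption (it is DHCP-assigned in the post).
INTERFACES = {
    "xl0": {"203.0.113.5"},           # WAN
    "xl1": {"10.0.0.1", "10.0.0.2"},  # LAN address plus its alias
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    recv: Optional[str]  # interface the packet arrived on
    xmit: Optional[str]  # interface it leaves on
    gateway: str         # next hop the client chose (an ARP target, not an IP header field)


def iface_for_address(addr):
    """Resolve a local IP address to its interface, as 'via <ip>' does."""
    for name, addrs in INTERFACES.items():
        if addr in addrs:
            return name
    raise ValueError(f"{addr} is not a local address")


def via_matches(packet, selector):
    """'via' semantics: match if the selected interface is the recv or xmit one."""
    iface = selector if selector in INTERFACES else iface_for_address(selector)
    return iface in (packet.recv, packet.xmit)


def dst_ip_matches(packet, addr):
    """The only header field where a gateway address could show up."""
    return packet.dst == addr


def count_rules(packets, rules):
    """Apply every (number, predicate) rule to every packet, like 'count' rules."""
    counts = {num: 0 for num, _ in rules}
    for p in packets:
        for num, pred in rules:
            if pred(p):
                counts[num] += 1
    return counts


def forwarded_packets(via_gateway):
    # Constructed traffic: two LAN hosts talk to a remote server. Whichever
    # gateway they picked, the IP destination is still the remote host and
    # the packet enters on xl1 and leaves on xl0.
    return [
        Packet("10.0.0.50", "198.51.100.10", "xl1", "xl0", via_gateway),
        Packet("10.0.0.51", "198.51.100.10", "xl1", "xl0", via_gateway),
    ]


# The three rules from the post's rc.firewall snippet, as predicates.
RULES = [
    (100, lambda p: via_matches(p, "10.0.0.1")),
    (200, lambda p: via_matches(p, "10.0.0.2")),
    (500, lambda p: via_matches(p, "xl0")),
]


def demo():
    """Rule hit counts for clients using each gateway; both come out identical."""
    return {gw: count_rules(forwarded_packets(gw), RULES) for gw in ("10.0.0.1", "10.0.0.2")}


def gateway_visible_in_header(via_gateway):
    """Would 'dst-ip <gateway>' separate the two paths? No: dst is the remote host."""
    return any(dst_ip_matches(p, via_gateway) for p in forwarded_packets(via_gateway))


if __name__ == "__main__":
    for gw, counts in demo().items():
        print(f"clients using gateway {gw}: {counts}")
    print("gateway address present as dst-ip:", gateway_visible_in_header("10.0.0.2"))
```

Running it prints the same counters for both gateway choices, which is exactly the symptom in the post: the two `via` rules differ only in which address of xl1 they name, and `via` does not look at addresses inside the packet at all.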


More information about the freebsd-ipfw mailing list