Multihome policy routing
John Mok
jmok at attglobal.net
Tue Apr 8 15:03:17 UTC 2008
Hi,
I tried to set up an FTP server running on FreeBSD 4.11 as follows :-
              (DMZ subnet)
              61.1.1.1/27
     ---------------- Firewall ---------- Internet
     |                   |10.144.1.1/24
     |                   |(Intranet)
     |                   |
     |61.1.1.3/27 em1    | 10.144.1.254
FTP server -----------------router
10.144.1.10/24 em0
The following routing and ipfw rules are added on the FTP server :-
#route add default 61.1.1.1
#ipfw add 101 fwd 10.144.1.254 ip from 10.144.1.10 to any
#ipfw add 201 fwd 61.1.1.1 ip from 61.1.1.3 to any
When I tried to connect from a host (e.g. 10.144.1.10) to the DMZ
interface 61.1.1.3 of the FTP server via the gateway 10.144.1.1, it
failed. However, when I shut down the interface 10.144.1.10, it
succeeded. The routing was NOT symmetric.
My question is when FreeBSD can set up two routing tables and do
something like Linux as follows :-
ip route add default nexthop via 61.1.1.1 dev em1 table T1
ip route add default nexthop via 10.144.1.254 dev em0 table T2
ip route add 0/0 dev em1 table T1
ip route add 0/0 dev em0 table T2
Thus, symmetric routing is maintained when a host (e.g.
10.144.1.10) connects to 61.1.1.3 via 10.144.1.1.
Thanks a lot.
John Mok
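
Added example (not part of the original message): a small Python model of the two lookups the post contrasts, one destination-based table versus source-selected tables T1/T2, using the post's addresses. The client 10.144.1.20, the function names and the source-selection rules (standing in for Linux `ip rule` entries, which the post does not show) are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Routes are (prefix, device, gateway); gateway None means directly connected.
# Addresses and interface names are the ones given in the post.
MAIN = [
    (ip_network("61.1.1.0/27"), "em1", None),        # DMZ, connected
    (ip_network("10.144.1.0/24"), "em0", None),      # intranet, connected
    (ip_network("0.0.0.0/0"), "em1", "61.1.1.1"),    # route add default 61.1.1.1
]
# Per-interface tables holding only a default route, as in the Linux snippet.
T1 = [(ip_network("0.0.0.0/0"), "em1", "61.1.1.1")]
T2 = [(ip_network("0.0.0.0/0"), "em0", "10.144.1.254")]
# Assumed selectors: pick a table by the packet's source address.
RULES = [(ip_network("61.1.1.3/32"), T1), (ip_network("10.144.1.10/32"), T2)]


def lookup(table, dst):
    """Longest-prefix match in one table; returns (device, gateway) or None."""
    dst = ip_address(dst)
    hits = [r for r in table if dst in r[0]]
    if not hits:
        return None
    _, dev, gw = max(hits, key=lambda r: r[0].prefixlen)
    return dev, gw


def route(src, dst, rules=()):
    """Consult source-selected tables first, then fall back to MAIN."""
    for selector, table in rules:
        if ip_address(src) in selector:
            hit = lookup(table, dst)
            if hit:
                return hit
    return lookup(MAIN, dst)


def reply_is_symmetric(local_addr, in_dev, client, rules=()):
    """True if the reply leaves through the interface the request arrived on."""
    dev, _ = route(local_addr, client, rules)
    return dev == in_dev


if __name__ == "__main__":
    client = "10.144.1.20"  # constructed intranet client reaching 61.1.1.3 via em1
    print("single table :", route("61.1.1.3", client))
    print("source tables:", route("61.1.1.3", client, RULES))
    print("symmetric    :", reply_is_symmetric("61.1.1.3", "em1", client),
          reply_is_symmetric("61.1.1.3", "em1", client, RULES))
```

With only the main table, the reply sourced from 61.1.1.3 matches the connected 10.144.1.0/24 route and leaves em0, so a stateful device on the em1 path sees only one direction of the flow.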