kern/129103: [ipfw] IPFW check state does not work =(
KES
kes-kes at yandex.ru
Mon Nov 24 13:11:37 PST 2008
Sorry, I missed some explanation.
Before beginning tests I
ipfw zero
: > /var/log/security
then for user on ng1 I do:
ping -n 3 I.N.E.T
> 00002 6 360 count log icmp from any to any via ng0
here I count all packets going through ng0
3 in + 3 out, all is ok here
> 00003 5 300 prob 0.500000 skipto 6 log icmp from any to any via ng0
I want to split traffic. Now here I just study how it is done.
Actually I want to fwd packets through different ISPs but send packets
to the same ISP if a connection is established.
So traffic will flow over 4,5 or 6,7,
00004 8 480 skipto 5 log icmp from any to any via ng0 keep-state
00005 3 180 skipto 10 log icmp from any to any via ng0
00006 3 180 skipto 7 log icmp from any to any via ng0 keep-state
00007 3 180 count log icmp from any to any via ng0
The expected result for rule 4 is 3 packets. Why it is 8 I do not know
> 00010 6 360 count log icmp from any to any via ng0
here I count all packets going through ng0 again. As you see it is 6.
All is ok
> 00099 47 2924 nat 1 ip from any to any via ng0
just natting, nat all traffic, so counter is so big
> 00004 7 420 (0s) STATE icmp 192.168.9.4 0 <-> 213.180.204.8 0
> 00006 2 120 (0s) STATE icmp 213.180.204.8 0 <-> 91.124.239.145 0
This is very strange. Here I expect 3 for first and second rule
but why here 7 and 2 packets?? That is a mystery ((