Multiple Routing Tables (FIB) + IPFW problem as (I?) expected

Luiz Otavio O Souza lists.br at gmail.com
Fri Jan 16 05:12:17 PST 2009


> Hello,
>
> I am trying the new FIB stuff on -STABLE with IPFW. I made many tests
> and it did not work as I expected.
>
> Quick testing:
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> # setfib -1 lynx -dump http://www.whatismyip.org
> 189.52.141.2
>
> # setfib -2 lynx -dump http://www.whatismyip.org
> 201.91.92.154
>
> # ipfw -q flush
> # ipfw add 1 setfib 1 all from any to any
> 00001 setfib 1 ip from any to any
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> Check for counters:
>
> # ipfw -q add 2 allow all from any to any fib 1
> # ipfw show
> 00001  388599 139653215 setfib 1 ip from any to any
> 00002    4253   2221474 allow ip from any to any fib 1
> 65535 2419650 983279227 allow ip from any to any
>
> # lynx -dump http://www.whatismyip.org
> 200.165.75.10
>
> # setfib -1 lynx -dump http://www.whatismyip.org
> 189.52.141.2
>
> Is anything wrong with my concepts?  I would like to know if -CURRENT
> has the same behavior, can someone please test?
>
> -- 
> ===========
> Eduardo Meyer
> pessoal: dudu.meyer at gmail.com
> profissional: ddm.farmaciap at saude.gov.br


Eduardo,

This will not work this way...

The socket used by lynx (in this case) gets its data routed by the default
fib table (1) before ipfw can see the packet.

When the ipfw rule is applied the packet is already routed and you won't get
what you want.

As far as I know (not too much :)) you will need to use the fwd rules to
redirect the local packets. Setfib rules work for packets that are coming
from an interface and need to be routed to another (non-local traffic).

Setfib will not re-route the packet.

Luiz 
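
The ordering described in this reply, as a simplified Python model added here (not code from the thread or from FreeBSD). The FIB-to-address mapping is taken from the test output quoted above; the rule tuples and function names are constructed for illustration. It shows why the `fib 1` counter on rule 2 increments while the address seen from outside stays the same.

```python
# Simplified model of the ordering described in the reply; not FreeBSD code.
# FIB -> address reported by the remote site, from the thread's test output.
# FIB 0 is the default table (plain "lynx" with no setfib wrapper).
EGRESS = {0: "200.165.75.10", 1: "189.52.141.2", 2: "201.91.92.154"}

# Constructed rule list mirroring the thread:
# (rule number, action, action argument, "fib N" match or None)
RULES = [
    (1, "setfib", 1, None),
    (2, "allow", None, 1),
    (65535, "allow", None, None),
]

def run_ipfw(pkt_fib, rules):
    """Walk the rules; return (FIB tag afterwards, numbers of rules that matched)."""
    hits = []
    for num, action, arg, want_fib in rules:
        if want_fib is not None and want_fib != pkt_fib:
            continue                # "fib N" option did not match this packet
        hits.append(num)
        if action == "setfib":
            pkt_fib = arg           # retags the packet, evaluation continues
        elif action == "allow":
            break                   # terminal action
    return pkt_fib, hits

def local_output(socket_fib, rules):
    """Locally generated packet: the route comes from the socket's FIB first."""
    egress = EGRESS[socket_fib]               # routing decision already made
    tag, hits = run_ipfw(socket_fib, rules)   # ipfw only sees it afterwards
    return egress, tag, hits

def forwarded(rules, arrival_fib=0):
    """Transit packet: ipfw runs on input, the route lookup happens after it."""
    tag, hits = run_ipfw(arrival_fib, rules)
    return EGRESS[tag], tag, hits

if __name__ == "__main__":
    print("lynx           ", local_output(0, RULES))
    print("setfib -1 lynx ", local_output(1, RULES))
    print("transit packet ", forwarded(RULES))
```
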



More information about the freebsd-net mailing list