Does "setfib" in ipfw force re-routing of a packet?

John Nielsen lists at jnielsen.net
Mon Feb 2 22:55:16 UTC 2015


On Feb 1, 2015, at 3:23 PM, Lev Serebryakov <lev at freebsd.org> wrote:

> "man 8 ipfw" doesn't state that setting a new fib on an "out" packet
> (when the routing decision is done and the output interface is known)
> changes the routing decision:
> 
> ""The packet is tagged so as to use the FIB (routing table) fibnum in
> any subsequent forwarding decisions.""
> 
> But according to ip_output.c (around line 527), "setfib" FORCES a
> NEW decision to be made!
> 
> Do I read the sources right? Maybe the wording in ipfw(8) should be changed?

AFAIK, ipfw's setfib can only be usefully applied to incoming packets (before a routing decision is made) that are passing through (and not destined for) the FreeBSD machine as a router.

For locally-originated traffic you need to either start your application(s) using setfib(1) to begin with or use ipfw fwd rules to redirect the traffic (which essentially ignores the original routing decision). Be warned that FreeBSD 10.0 had a bug which broke ipfw fwd (see the errata).

I use the latter on a multi-homed non-router machine.

$IP1/$CIDR1 is assigned to $IF1, and $GW1 is the default route for the system (just one FIB). $IP2/$CIDR2 is assigned to $IF2, and I'd like traffic originating from $IP2 to use $GW2 instead of $GW1. $LOCALTABLE is an ipfw table containing directly-connected subnets (traffic for which does not need to be routed).

ipfw table $LOCALTABLE add $IP1/$CIDR1
ipfw table $LOCALTABLE add $IP2/$CIDR2
ipfw table $LOCALTABLE add 127.0.0.0/8
...
ipfw add fwd $GW2 ip from $IP2 to not "table($LOCALTABLE)" out via $IF1


JN
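The setup John describes above, written out as a complete script (an added example, not part of his post or of FreeBSD itself). Every address, prefix length and interface name is a constructed sample value; the table is a numeric one and on newer FreeBSD releases you may have to create it explicitly first (`ipfw table 1 create`), which the script does not assume. By default it only prints the ipfw commands so the rule set can be reviewed on any host; `--apply` pipes them into sh on the FreeBSD machine, as root.

```shell
#!/bin/sh
# Added example: policy-route locally originated traffic sourced from the
# second address ($IP2) via the second gateway ($GW2) on a non-router host,
# using an ipfw table of directly-connected subnets plus one fwd rule.
# All values below are constructed samples, not taken from the original post.
set -eu

IF1=em0;  IP1=192.0.2.10;    CIDR1=24;  GW1=192.0.2.1      # carries the default route
IF2=em1;  IP2=198.51.100.10; CIDR2=24;  GW2=198.51.100.1   # second uplink
LOCALTABLE=1          # numeric ipfw table of subnets that need no gateway
RULENUM=1000          # rule number for the fwd rule (assumed free)

# Emit the ipfw commands instead of running them, so the rule set can be
# reviewed (and tested) without root privileges or a FreeBSD kernel.
pbr_rules() {
    # Directly-connected networks: traffic to them must not be forwarded
    # to $GW2, so they are excluded from the fwd rule via the table.
    printf 'ipfw table %s add %s/%s\n' "$LOCALTABLE" "$IP1" "$CIDR1"
    printf 'ipfw table %s add %s/%s\n' "$LOCALTABLE" "$IP2" "$CIDR2"
    printf 'ipfw table %s add 127.0.0.0/8\n' "$LOCALTABLE"
    # Match only packets with source $IP2 that the kernel has already decided
    # to send out the default interface; fwd replaces that next hop with $GW2
    # (the source address is left untouched).
    printf 'ipfw add %s fwd %s ip from %s to not "table(%s)" out via %s\n' \
        "$RULENUM" "$GW2" "$IP2" "$LOCALTABLE" "$IF1"
}

# Count the rules that would be installed (useful as a sanity check before
# applying on a box you cannot easily reach the console of).
pbr_rule_count() {
    pbr_rules | wc -l | tr -d ' '
}

case "${1:-}" in
    --apply) pbr_rules | sh -e ;;   # run as root on the FreeBSD host
    *)       pbr_rules ;;           # dry run: just show the commands
esac
```

Note that the rule is keyed on `out via $IF1`, i.e. it only fires after the kernel has picked the default interface for a packet; it does not change which address an application binds to, and any daemon you want to live entirely in a second routing table is still better started under setfib(1) as the post says. Remember that `ipfw fwd` does not touch reply packets arriving on $IF2, so the table of local subnets must be kept complete or those destinations will be bounced through $GW2.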



More information about the freebsd-net mailing list