IPFW policy routing...

Marcelo Celleri marceloc at espoltel.net
Thu Nov 10 17:31:55 GMT 2005


Hi,

I'm trying to move from Linux to FreeBSD, but the most difficult part of
this change seems to be the transition from iproute2 to ipfw for policy
routing. This case works on Linux, but I'm still not able to get it
to work on FreeBSD.

Net1: 192.168.0.0/25
Net2: 192.168.0.128/25

Default GW: 69.x.x.193 (ISP1)
Alternate GW: 69.x.x.203 (ISP2)

NAT Address to use with Net1: 200.X.X.35
NAT Address to use with Net2: 201.X.X.35

                      |   Packet1 from 192.168.0.0/25
                      |   Packet2 from 192.168.0.128/25
                ______|______  em1: 192.168.0.1
               |             |
               |             |
               |_____________|
                      |   em0: 69.x.x.194
          ____________|____________
         |                         |
      Packet1                   Packet2
     200.x.x.35                201.x.x.35
   ______|______             ______|______
  |             |           |             |
  | 69.x.x.193  |           | 69.x.x.203  |
  |_____________|           |_____________|
         |                         |
        ISP1                      ISP2

So, when packet 1 reaches the default gw, it has been modified by NAT in my
FreeBSD box, getting the src address 200.x.x.35, and when packet 2
reaches the alternate gw (69.x.x.203), it has also been modified by NAT, with
the src address 201.x.x.35. That's working OK, but the redirection fails.
Here's my ipfw configuration, where everything is allowed by default.

natd -a 200.x.x.35 -p 8668
natd -a 201.x.x.35 -p 8669

ipfw add 30 divert 8668 all from any to 200.x.x.35 in recv em0
ipfw add 30 divert 8668 all from 192.168.0.0/25 to any out xmit em0
ipfw add 40 divert 8669 all from any to 201.x.x.35 in recv em0
ipfw add 40 divert 8669 all from 192.168.0.128/25 to any out xmit em0
ipfw add 50 fwd 69.x.x.203 all from 192.168.0.128/25 to any

I have tried changing the last line to each of the following, but the results
were the same:

ipfw add 50 fwd 69.x.x.203 all from 192.168.0.128/25 to any in recv em1
ipfw add 50 fwd 69.x.x.203 all from 201.x.x.35 to any

I have read about policy routing and it seems that everything is in order,
but it still doesn't work. Please help!


-- 
This message has been scanned by the ESPOLTEL S.A. antivirus
for viruses and other dangerous content,
and is believed to be clean.
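
Added example, not part of the original post: a simplified Python model of how ipfw walks the outbound half of the ruleset above, where a packet re-injected by natd resumes after the divert rule with its rewritten source. The documentation-range addresses are constructed stand-ins for the masked 200.x.x.35, 201.x.x.35 and 69.x.x.x values, and trace() and the rule tuples are hypothetical names.

```python
import ipaddress

# Constructed stand-ins (documentation ranges) for the masked addresses in the post.
NAT1, NAT2 = "198.51.100.35", "203.0.113.35"       # 200.x.x.35, 201.x.x.35
GW_DEFAULT, GW_ALT = "192.0.2.193", "192.0.2.203"  # 69.x.x.193, 69.x.x.203
ALIAS = {8668: NAT1, 8669: NAT2}                   # natd -a <alias> -p <port>

# Outbound half of the posted ruleset: (number, action, argument, source match).
BASE = [
    (30, "divert", 8668, "192.168.0.0/25"),
    (40, "divert", 8669, "192.168.0.128/25"),
]
FWD_PRE_NAT = (50, "fwd", GW_ALT, "192.168.0.128/25")  # rule 50 as first posted
FWD_POST_NAT = (50, "fwd", GW_ALT, NAT2 + "/32")       # variant matching the alias


def trace(src, rules):
    """Walk one 'out xmit em0' pass; return (next hop, source on the wire, log)."""
    log, start = [], 0
    while True:
        for num, action, arg, net in sorted(rules, key=lambda r: r[0]):
            if num <= start:
                continue
            if ipaddress.ip_address(src) not in ipaddress.ip_network(net):
                continue
            if action == "fwd":
                log.append(f"{num}: fwd {arg} (src {src})")
                return arg, src, log
            # divert: natd rewrites the source, then the packet is re-injected
            # and matching resumes after the divert rule's number.
            log.append(f"{num}: divert {arg}, src {src} -> {ALIAS[arg]}")
            src, start = ALIAS[arg], num
            break
        else:
            log.append(f"no match past rule {start}: default route (src {src})")
            return GW_DEFAULT, src, log


if __name__ == "__main__":
    for label, rule50 in (("pre-NAT", FWD_PRE_NAT), ("post-NAT", FWD_POST_NAT)):
        print(label, *trace("192.168.0.130", BASE + [rule50])[2], sep="\n  ")
```

The model covers rule matching on the outbound pass only; it does not model the inbound pass, kernel support for fwd, or routing beyond the firewall.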



More information about the freebsd-questions mailing list