Policy Based Routing problem help me

Christopher Cowart ccowart at rescomp.berkeley.edu
Wed Jul 25 23:16:57 UTC 2007


On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
> I have a firewall/router with FreeBSD 6.2 installed on it, with 2 ISP connections
> and 2 LAN connections. I need to do policy-based routing. All I need is that
> packets coming from one ISP interface return to that interface (incoming
> connections' source-based routing) and, on the other hand, to do IP-based routing
> from the LAN (some packets will go out via ISP 1, some others via ISP 2,
> depending on the IPs requested). I tried to do that with ipfw fwd but it didn't
> work in any way (e.g. with ip.forwarding enabled or not). I've even disabled my
> static routes and default gw. It just does nothing. Sample configs are:
> 
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}
> 
> ipfw add fwd ISP_gw from any to any via ${eif} out
> 
> I don't use nat, proxy. Just need to route.

Have you compiled your kernel with the following options?
|  options IPFIREWALL_FORWARD
|  options IPFIREWALL_FORWARD_EXTENDED

I found that this kind of forwarding silently failed until I enabled the
EXTENDED option in addition to the typical option.

`man ipfw' briefly mentions these two kernel options in the fwd section.

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley