Policy Based Routing problem help me
Christopher Cowart
ccowart at rescomp.berkeley.edu
Wed Jul 25 23:16:57 UTC 2007
On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
> I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection
> and 2 LAN connections. I need to do a policy-based routing. All I need that
> packets coming from one ISP interface return to that interface (incoming
> connections' source based routing) and the other hand do a IP based routing
> from the LAN (Some packets will goes out via ISP 1 some others via ISP 2
> depending on IPs requested). I tried to do that with ipfw fwd but it didn't
> work any way (e.g. with ip.forwarding enabled or no). Even I've disabled my
> static routes, default gw. Just it do nothing. Sample configs are
>
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}
>
> Ipfw add fwd ISP_gw from any to any via ${eif} out
>
> I don't use nat, proxy. Just need to route.
Have you compiled your kernel with the following options?
| options IPFIREWALL_FORWARD
| options IPFIREWALL_FORWARD_EXTENDED
I found that this kind of forwarding silently failed until I enabled the
EXTENDED option in addition to the typical option.
`man ipfw' briefly mentions these two kernel options in the fwd section.
--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070725/c6806732/attachment.pgp
More information about the freebsd-questions
mailing list