IPFW fwd not working after upgrade from 9.2 to 10.0

John Nielsen lists at jnielsen.net
Thu Feb 6 05:59:30 UTC 2014


On Feb 5, 2014, at 5:54 PM, Michael Sierchio <kudzu at tenebras.com> wrote:

> compile a kernel with more than the default 2 FIB tables (16 for example), and
> 
> setfib 0 route add default $GATEWAY_A
> setfib 1 route add default $GATEWAY_B
> setfib 2 route add default $GATEWAY_C
> 
> [ ... ]
> 
> ipfw table 1 add $NET_LAN               0
> ipfw table 1 add $NET_VOIP              2
> ipfw table 1 add $NET_VPN               0
> ipfw table 1 add $NET_WIFI              0
> ipfw table 1 add $NET_GUEST             1
> ipfw table 1 add $NET_SECURITY          0
> ipfw table 1 add $NET_COMMON            1
> ipfw table 1 add $NET_FINANCE           1
> ipfw table 1 add $NET_CORE              2
> ipfw table 1 add $NET_EVENT             0
> 
> [ ... ]
> 
> ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1

Thanks for the suggestion, but unless something has changed recently, using setfib with ipfw is only effective for routed traffic, not packets that originate locally (the routing decision has already been made by the time the outgoing packet goes through ipfw).

Running specific processes with an alternate FIB could be a partial workaround but it's a lot less elegant. Really I'd like to know what's going on in 10.0 that keeps the ipfw fwd solution from working like it did in 9.2.

JN


