On Feb 5, 2014, at 5:54 PM, Michael Sierchio <ku...@tenebras.com> wrote:

> compile a kernel with more than the default 2 FIB tables (16 for example), and
> 
> setfib 0 route add default $GATEWAY_A
> setfib 1 route add default $GATEWAY_B
> setfib 2 route add default $GATEWAY_C
> 
> [ ... ]
> 
> ipfw table 1 add $NET_LAN               0
> ipfw table 1 add $NET_VOIP              2
> ipfw table 1 add $NET_VPN               0
> ipfw table 1 add $NET_WIFI              0
> ipfw table 1 add $NET_GUEST             1
> ipfw table 1 add $NET_SECURITY          0
> ipfw table 1 add $NET_COMMON            1
> ipfw table 1 add $NET_FINANCE           1
> ipfw table 1 add $NET_CORE              2
> ipfw table 1 add $NET_EVENT             0
> 
> [ ... ]
> 
> ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1

Thanks for the suggestion, but unless something has changed recently, using 
setfib with ipfw is only effective for routed traffic, not packets that 
originate locally (the routing decision has already been made by the time the 
outgoing packet goes through ipfw).

Running specific processes with an alternate FIB could be a partial workaround 
but it's a lot less elegant. Really I'd like to know what's going on in 10.0 
that keeps the ipfw fwd solution from working like it did in 9.2.

JN

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
