On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
> I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection
> and 2 LAN connections. I need to do a policy-based routing. All I need that
> packets coming from one ISP interface return to that interface (incoming
> connections' source based routing) and the other hand do a IP based routing
> from the LAN (Some packets will goes out via ISP 1 some others via ISP 2
> depending on IPs requested). I tried to do that with ipfw fwd but it didn't
> work any way (e.g. with ip.forwarding enabled or no). Even I've disabled my
> static routes, default gw. Just it do nothing. Sample configs are
>
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}
>
> Ipfw add fwd ISP_gw from any to any via ${eif} out
>
> I don't use nat, proxy. Just need to route.

Have you compiled your kernel with the following options?

| options IPFIREWALL_FORWARD
| options IPFIREWALL_FORWARD_EXTENDED

I found that this kind of forwarding silently failed until I enabled the
EXTENDED option in addition to the typical option. `man ipfw' briefly
mentions these two kernel options in the fwd section.

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
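
An added example, not part of the original messages and not FreeBSD's own tooling: a shell check that reads a kernel configuration file and prints whichever of the two options named in the reply is not set by an active `options` line. The sample config and its `ROUTER` ident are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which of the two kernel options named in the reply
# are missing from a FreeBSD kernel configuration file read on stdin.

REQUIRED_OPTS="IPFIREWALL_FORWARD IPFIREWALL_FORWARD_EXTENDED"

# Constructed sample config: FORWARD is set, EXTENDED is commented out.
SAMPLE_CONF='ident    ROUTER
options  IPFIREWALL
options  IPFIREWALL_FORWARD   # needed for ipfw fwd
#options IPFIREWALL_FORWARD_EXTENDED
'

# Print the option names set by active "options" lines on stdin.
# Strips "#" comments and any "=value" suffix; accepts several names per line.
active_options() {
    sed -e 's/#.*$//' |
    awk '$1 == "options" {
        $1 = ""
        n = split($0, parts, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            sub(/=.*/, "", parts[i])
            if (parts[i] != "") print parts[i]
        }
    }'
}

# Print a config line for each required option that is absent.
# Returns 1 if anything is missing, 0 if both options are present.
missing_fwd_options() {
    present=$(active_options)
    status=0
    for opt in $REQUIRED_OPTS; do
        # -x matches whole lines, so IPFIREWALL_FORWARD_EXTENDED alone
        # does not count as IPFIREWALL_FORWARD.
        if ! printf '%s\n' "$present" | grep -qxF "$opt"; then
            printf 'options\t\t%s\n' "$opt"
            status=1
        fi
    done
    return $status
}

# With a readable file argument, check that file; otherwise check the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    missing_fwd_options < "$1" || true
else
    printf '%s' "$SAMPLE_CONF" | missing_fwd_options || true
fi
```

Pass the path of the config file the running kernel was built from as the first argument; any lines it prints have to be added and the kernel rebuilt before `fwd` rules can be retested.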