Narek Gharibyan wrote:
Thank you very much,

Relying on your help I reached success, but the rules differ from yours a little
bit. My working rules are listed below:

ipfw add fwd A all from ${inet1}:${imask1} to any out recv ${iif1}
ipfw add fwd B all from ${inet}:${imask} to any out recv ${iif}

the following two rules shouldn't be needed if your routes are correct.

ipfw add fwd G all from any to ${inet1}:${imask1} out via ${iif1}
ipfw add fwd H all from any to ${inet}:${imask} out via ${iif}


I don't know what onet is.
ipfw add fwd A all from ${onet1}:${omask1} to any out
ipfw add fwd B all from ${onet}:${omask} to any out
ipfw add fwd A all from ${inet1}:${imask1} to any out
ipfw add fwd B all from ${inet}:${imask} to any out


The only problem left is when someone (from provider A) tries to access the ftp
server via B: it connects but doesn't do the "Get Directory" command. Ipfw doesn't
matter, I checked. I think it is the specification of the ftp data port 20
(connection opening problem). Can you describe to me how it takes place via port
20, or find the wrong line in the ipfw fwd rules?

ftp is a problem as it negotiates new ports for data.
That is why people use Passive mode FTP. It doesn't do that.


Best regards,
Narek
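The FTP data-channel negotiation referred to above, as an added example that is not from the thread: a decoder for the client's PORT command and the server's 227 PASV reply that reports which side opens the data connection. The addresses are RFC 5737 documentation addresses, constructed for the example.

```python
"""Decode FTP data-channel negotiation (RFC 959 PORT / 227 PASV reply).
Constructed example with RFC 5737 documentation addresses, not thread hosts.
Active mode makes the *server* open a new connection, which is what a
per-interface forwarding policy has to handle as a fresh session."""
import re

_SIX = r"(\d{1,3}(?:,\d{1,3}){5})"          # h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\(" + _SIX + r"\)")

def _decode(fields):
    """h1,h2,h3,h4,p1,p2 -> (dotted host, p1*256+p2) with range checks."""
    parts = [int(x) for x in fields.split(",")]
    if any(p > 255 for p in parts):
        raise ValueError("field out of range in %r" % fields)
    port = parts[4] * 256 + parts[5]
    if port == 0:
        raise ValueError("data port 0 is not usable")
    return ".".join(str(p) for p in parts[:4]), port

def parse_port_command(line):
    """Active mode: the client tells the server where to connect."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return _decode(m.group(1))

def parse_pasv_reply(line):
    """Passive mode: the server tells the client where to connect."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return _decode(m.group(1))

def data_connection(mode, client_ip, server_ip, line):
    """Describe the data channel that one control-channel line sets up."""
    if mode == "active":
        host, port = parse_port_command(line)
        # The server opens a brand-new connection (source port 20) toward the
        # client: the firewall sees a new outbound session, not a reply. A PORT
        # host other than the client itself is the classic bounce pattern.
        return {"initiator": "server", "src": server_ip, "src_port": 20,
                "dst": host, "dst_port": port,
                "host_mismatch": host != client_ip}
    if mode == "passive":
        host, port = parse_pasv_reply(line)
        # The client stays the initiator, so only replies flow back out.
        return {"initiator": "client", "src": client_ip,
                "dst": host, "dst_port": port,
                "host_mismatch": host != server_ip}
    raise ValueError("mode must be 'active' or 'passive'")
```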
-----Original Message-----
From: Julian Elischer [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2007 2:02 AM
To: Narek Gharibyan
Subject: Re: Policy - based Routing problem Need help

Narek Gharibyan wrote:
Yes, your written rules are correct, you think exactly.
I want to do ALSO:

1. Packets coming from ISP-B (B network) into C SHOULD go out only via xx0
(as they came)

# make sure WE can talk to the back nets
# and ourself
ipfw add 1 allow ip from any to any via lo0

ipfw add 2 allow ip from me to G
ipfw add 3 allow ip from me to H
# the next 2 rules are not actually needed as any packets
# going to G and H will go the right way anyhow.
# ipfw add 4 fwd (G) ip from any to G out recv xx0
# ipfw add 5 fwd (H) ip from any to H out recv xx1

# The next rules ARE needed.
ipfw add 6 fwd (A) ip from G to any out recv yy0
ipfw add 7 fwd (B) ip from H to any out recv yy1
ipfw add 8 fwd (A) ip from (C) to any out
ipfw add 9 fwd (B) ip from (D) to any out


2. Packets coming from ISP-A (A network) into D Should go out only via xx1
(as they came)

In other words, packets should leave my network via the interface they
came in on.
3. Packets coming from E should go out via xx0
4. Packets coming from F should go out via xx1

Also I tried from inside to forward packets without a default gateway via
A or B with the commands

ipfw add fwd A all from G to any xmit (or via) xx0

and it didn't work. I've compiled my kernel with IPFIREWALL and
IPFIREWALL_FORWARD, and set net.inet.ip.forwarding=1 in sysctl.conf.
Surely I will try your configuration on Monday, but it seems ipfw fwd does
no forwarding at all. So how should I write it to reach results 1, 2, 3 and 4?

Regards,
Narek

-----Original Message-----
From: Julian Elischer [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 29, 2007 1:49 PM
To: Narek Gharibyan
Subject: Re: Policy - based Routing problem Need help

Narek Gharibyan wrote:
The right drawing is that one below

                   _______          ___________
-[ISP-A](A)----(C)[xx0 yy0](E)--(G)[NAT        ]
                  [ FBSD  ]        [   Windows ](X)-----LAN
-[ISP-B](B)----(D)[xx1 yy1](F)--(H)[NAT        ]
                    ~~~~~~~          ~~~~~~~~~~~

We can't use only a FreeBSD box, we also need to use a Windows box, due to our
company's policy. So your suggestion is not an option. I think we need a
different solution.
ok.

now that we have established the exact layout,
what is it exactly that you want to do?

I gather that you want packets that come into D to go out of F
and packets that come in through C should go out via E

this is achieved by:
ipfw add 1 fwd (G) ip from any to G out recv xx0
ipfw add 2 fwd (H) ip from any to H out recv xx1

what else do you wish it to do?

Regards,
Narek


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"