On Thu, Jul 26, 2007 at 01:26:17AM +0500, Narek Gharibyan wrote:
I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connection
and 2 LAN connections. I need to do a policy-based routing. All I need that
packets coming from one ISP interface return to that interface (incoming
connections' source based routing) and the other hand do a IP based routing
from the LAN (Some packets will goes out via ISP 1 some others via ISP 2
depending on IPs requested). I tried to do that with ipfw fwd but it didn't
work any way (e.g. with ip.forwarding enabled or no). Even I've disabled my
static routes, default gw. Just it do nothing. Sample configs are
ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
ipfw add fwd ISP_gw from any to any xmit ${eif}
Ipfw add fwd ISP_gw from any to any via ${eif} out
I don't use nat, proxy. Just need to route.
Have you compiled your kernel with the following options?
| options IPFIREWALL_FORWARD
| options IPFIREWALL_FORWARD_EXTENDED
I found that this kind of forwarding silently failed until I enabled the
EXTENDED option in addition to the typical option.
`man ipfw' briefly mentions these two kernel options in the fwd section.
--
Chris Cowart
Lead Systems Administrator
Network Infrastructure Services, RSSP-IT
UC Berkeley
signature.asc
Description: Digital signature
