On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote: > You know I Use ipf with for example pass xl1:1.2.3.4 > from 1.2.3.5/24 to any > BUT, The Problem is that when I use this, the 1.2.3.5 > cannot access the local IPs, > Without looking at routing tables of the router it > QUICKLY passes it to the NEW gateway.
FWIW, I usually do all filtering using ipf but at one site I'm administering I had to do source routing so I implemented the routing part with ipfw and the (stateful) filtering with ipf. This works great there. If needed, I can dig up some config next week and post it here. Regards, Paul Schenkeveld, Consultant PSconsult ICT Services BV > Thanks > AFShhin > > > --- Ruslan Ermilov <[EMAIL PROTECTED]> wrote: > > On Tue, Dec 30, 2003 at 11:25:46AM -0800, afshin > > wrote: > > > > > > > What is missing in ipfw(8) and its ``fwd'' > > option > > > > from being a > > > > successful implementation of policy routing? > > > > > > > > - by using the match probability feature, you > > can > > > > implement > > > > the equal-access routing; > > > > > > > > - by checking the source IP adress, you can > > > > implement > > > > the source-sensitive routing; > > > > > > > > - by checking the IP TOS field, you can > > implement > > > > the > > > > quality-of-service routing; > > > > > > > > - etc. > > > > > > > > > > Dear Ruslan, > > > Yes, That is what I really want, But it didn't > > worked > > > when I tried it. > > > Would you mind please give me an working example > > of it > > > ? > > > Really thank you all in advance, > > > AFShin (AAS) > > > > > Sorry, but I don't have one to share. Those that I > > have > > are proprietary. But we could work with your > > examples > > to a level to make them work. ;) > > > > > > Cheers, > > -- > > Ruslan Ermilov > > FreeBSD committer > > [EMAIL PROTECTED] > > > > > ATTACHMENT part 2 application/pgp-signature > > > > __________________________________ > Do you Yahoo!? > Find out what made the Top Yahoo! Searches of 2003 > http://search.yahoo.com/top2003 > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
