Re: Issue with IPFW forward

Fri, 22 Sep 2006 18:05:51 -0700 

Jean-Yves Avenard wrote:


Hello

I apologize in advance if this is not the right place to ask, in which
case could you point me where would be the right place ?


I've been trying to use two ADSL connection on the same machine, and
that it will answer traffic using the same connection it went through

Unfortunately, I can't get it to work.

A more accurate description of my system:

FreeBSD 6.1
two PPPoE link

ifconfig:
tun1: flags=8051<UP,POINTOPOINT,RUNNIĀ­ NG,MULTICAST> mtu 1492
inet 1.1.1.1 --> 10.10.10.10 netmask 0xffffffff
tun2: flags=8051<UP,POINTOPOINT,RUNNIĀ­ NG,MULTICAST> mtu 1492
inet 2.2.2.2 --> 20.20.20.20 netmask 0xffffffff

netstat -rn would give me:

Destination Gateway Flags Refs Use Netif Expire
default 10.10.10.10 UGS 0 4344 tun1
20.20.20.20 2.2.2.2 UH 0 6 tun2

I then added:
ipfw add 10 fwd 20.20.20.20 log ip from 2.2.2.2 to any
ipfw add 20 allow ip from any to any

if on a remote machine I do:
ping 2.2.2.2, nothing comes back
however, I can see the IPFW counter increasing while the ping command
is running.

If I try to ssh to 2.2.2.2, In the log I see:
Sep 22 19:08:32 gateway kernel: ipfw: 10 Forward to 20.20.20.20 TCP
2.2.2.2:22 203.214.80.131:38069 out via tun1

As you can see, it is still trying to go through tun1 when I believe
it should go through tun2 !

I can ping 20.20.20.20 without issues from the freebsd server, so I
believe the static route there is okay.

Have I missed something obvious?
Thanks for helping me out



there is a stupid option in 6.1 (that I have removed in 6.2)
called IPFIREWALL_FORWARD_EXTENDED
(check the spelling)
if you don't have it you can not forward any packet that has a local address as either 
the source or destination... See if setting it fixes your problem,
in 6.2 you shouldn't have to worry about it (certainly in 7.0)

julian


JY
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to