
We have a bewildering problem attempting to policy route esp traffic.

We have 2 upstream internet sources: a routable T1 and a cable modem.
The cable modem provides better bandwidth so while we default to the T1,
we use policy routing to send some of our traffic out the cable modem.

In particular we use the cable modem for all the port 80 traffic via
Squid. Squid's source IP is the one belonging to the cable network and
we have the following ipfw rule for the policy route:

${fwcmd} add 64902 fwd ${cable_gw} ip from ${net_wan3_local} to any

cable_gw is the cable company's router.
net_wan3_local is the cable company's IP on our external interface.

This works great for all port 80 tcp traffic.

To this we added some IPSec. Racoon is hanging off the same
${net_wan3_local} and the udp port 500 traffic passes in and out through
the cable interface as we hoped.

The bewildering part is that while the esp traffic can demonstrably be
seen to be hitting the policy route rule, those packets continue to pass
out the default route to the T1 rather than being forwarded to the cable
router as we want.

Any thoughts?
Is this a known problem?

Thank you for your time.

--
Eric W. Bates

freebsd-net@freebsd.org mailing list