Hello,

I am trying the new FIB stuff on -STABLE with IPFW. I made many tests
and it did not work as I expected.

Quick testing:

# lynx -dump http://www.whatismyip.org
200.165.75.10

# setfib -1 lynx -dump http://www.whatismyip.org
189.52.141.2

# setfib -2 lynx -dump http://www.whatismyip.org
201.91.92.154

# ipfw -q flush
# ipfw add 1 setfib 1 all from any to any
00001 setfib 1 ip from any to any

# lynx -dump http://www.whatismyip.org
200.165.75.10

Check for counters:

# ipfw -q add 2 allow all from any to any fib 1
# ipfw show
00001  388599 139653215 setfib 1 ip from any to any
00002    4253   2221474 allow ip from any to any fib 1
65535 2419650 983279227 allow ip from any to any

# lynx -dump http://www.whatismyip.org
200.165.75.10

# setfib -1 lynx -dump http://www.whatismyip.org
189.52.141.2

Is anything wrong with my concepts?  I would like to know if -CURRENT
has the same behavior, can someone please test?

--
===========
Eduardo Meyer
personal: dudu.me...@gmail.com
professional: ddm.farmac...@saude.gov.br


Eduardo,

This will not work this way...

The data from the socket used by lynx (in this case) is routed by the default fib table (1) before ipfw can see the packet.

When the ipfw rule is applied, the packet is already routed and you won't get what you want.

As far as I know (not too much :)) you will need to use the fwd rules to redirect the local packets. Setfib rules work for packets that are coming from an interface and need to be routed to another (non-local traffic).

Setfib will not re-route the packet.

Luiz
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
