On Friday 04 December 2009 09:47:37 Lytochkin Boris wrote:
> It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
> 1) ipfw fwd
> a) net.inet.ip.forwarding = 0
> Packets altered by fwd rule are silently dropped somewhere
> between ip_output() checking forward tag and bpf (tcpdump does not
> show these packets)
> b) net.inet.ip.forwarding = 1
> Packets altered by fwd rule are forwarded according to normal
> routing table (in my case they were forwarded to default gateway), not
> fwd statement
>
> 2) pf route-to
> Both values of net.inet.ip.forwarding replicate 1b case.
>
> Sample configs
>
> 1) ipfw
> add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
> add 65534 allow ip from any to any
>
> 2) pf
> scrub in all fragment reassemble
> pass in all flags S/SA keep state
> pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
> to any flags S/SA keep state

I can not reproduce this. My (cursory) test on a r197983 install suggests that route-to is working as it should. Your rules are a bit strange and might result in asymmetric states that can result in dropped tcp-sessions, but the basic route-to is correct.

Can you share more details about your setup: netstat -rnfinet, pfctl -vvsr (after passing some traffic that was supposed to hit the route-to rule) and how exactly your default gateway and the alternative router are connected to your pf-box? Thanks in advance.

--
Max