PBR in FreeBSD 8 (ipfw fwd/setfib/pf)


drTr0jan
March 18th, 2010, 15:29
There are two servers - FreeBSD-7 (i386) and FreeBSD-8 (amd64) with identical network settings.
DG: 192.168.0.1

Equal ipfw settings:
FreeBSD-7:
00100 fwd 192.168.0.2 ip from 192.168.0.7 to any
01000 allow ip from any to any

FreeBSD-8:
00100 fwd 192.168.0.2 ip from 192.168.0.4 to any
01000 allow ip from any to any


Policy-based routing works successfully on FreeBSD-7, but doesn't work on FreeBSD-8

FreeBSD-7:/home/drtr0jan# traceroute -s 192.168.0.7 -n ya.ru
traceroute: Warning: ya.ru has multiple addresses; using 93.158.134.8
traceroute to ya.ru (93.158.134.8) from 192.168.0.7, 64 hops max, 40 byte packets
1 192.168.0.2 0.507 ms 0.896 ms 0.986 ms
^C
FreeBSD-7:/home/drtr0jan# traceroute -n ya.ru
traceroute: Warning: ya.ru has multiple addresses; using 77.88.21.8
traceroute to ya.ru (77.88.21.8) from 192.168.0.8, 64 hops max, 40 byte packets
1 192.168.0.1 1.175 ms 1.091 ms 1.206 ms
^C
FreeBSD-8:/var/log# traceroute -n ya.ru
traceroute: Warning: ya.ru has multiple addresses; using 93.158.134.8
traceroute to ya.ru (93.158.134.8) from 192.168.0.3, 64 hops max, 52 byte packets
1 192.168.0.1 1.214 ms 1.054 ms 1.048 ms
^C
FreeBSD-8:/var/log# traceroute -s 192.168.0.4 -n ya.ru
traceroute: Warning: ya.ru has multiple addresses; using 77.88.21.8
traceroute to ya.ru (77.88.21.8) from 192.168.0.4, 64 hops max, 52 byte packets
1 * * *


I have checked the network interface on FreeBSD-8 and the network interface on Redcom with tcpdump - the packet was missing.

There is a similar situation with setfib or pf - packets don't go to 192.168.0.2.

Kernel config:

options IPFIREWALL
options IPFIREWALL_FORWARD
options ROUTETABLES=4
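A check worth doing before looking at the next hop (added here as a diagnostic example, not something posted in the thread): `ipfw -a list` prints per-rule packet and byte counters, so the function below tells whether the fwd rule is matching at all. A zero counter on rule 100 means the packets never reach that rule, while a non-zero counter means the rule fires and the packets are lost after it, which points at the next hop or the return path instead. The sample counter output is constructed in the shape of `ipfw -a list` output for the FreeBSD-8 box; the function name is my own.

```shell
# Report whether the ipfw fwd rule for a given source address has matched any packets.
# Reads text in the format of `ipfw -a list` (rule number, packets, bytes, rule body)
# on stdin. Prints "matched", "no-match" or "no-rule" and exits 0, 1 or 2 accordingly.
fwd_rule_hits() {
    src="$1"
    awk -v src="$src" '
        # Field 4 is the action; the trailing space keeps 192.168.0.4 from matching 192.168.0.40.
        $4 == "fwd" && $0 ~ ("from " src " ") {
            found = 1
            if ($2 > 0) { print "matched"; exit 0 }
            print "no-match"; exit 1
        }
        END { if (!found) { print "no-rule"; exit 2 } }
    '
}

# Constructed sample in the shape of `ipfw -a list` on the FreeBSD-8 box described above:
# rule 100 has never matched, while the catch-all allow rule has passed traffic.
SAMPLE_COUNTERS='00100        0         0 fwd 192.168.0.2 ip from 192.168.0.4 to any
01000     4182    612344 allow ip from any to any'

# On a live system replace the printf with: ipfw -a list | fwd_rule_hits 192.168.0.4
if printf '%s\n' "$SAMPLE_COUNTERS" | fwd_rule_hits 192.168.0.4; then
    echo "rule 100 is matching: look at the next hop and the return path"
else
    echo "rule 100 is not seeing packets from 192.168.0.4: check the ruleset path first"
fi
```

Run it a few times during a `traceroute -s 192.168.0.4` to see whether the counter moves.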

SirDice
March 18th, 2010, 15:44
Is 192.168.0.4 allowed access on the machine with 192.168.0.2?

drTr0jan
March 18th, 2010, 15:46
Sorry, I've forgotten the scheme.
http://admins.rapid.khv.ru/PBR.png

drTr0jan
March 18th, 2010, 15:47
SirDice, yep.