ipfw fwd problem

Hi All,

I am a newbie and it would be great if you could help me. I am using a laptop with FreeBSD 7.1, connecting to two ISPs (wlan and ppp), and I have IPv6 addresses. 'netstat -rn' says there is only one default gateway (for example wlan's default gateway). My problem is the following:
If I ping the ppp tunnel from another computer, my laptop receives the ICMP6 echo request over the ppp tunnel, but it answers over the wlan interface. So if the laptop loses the wlan connection, it becomes unreachable. I read some similar posts, but until now I was unable to solve my problem.
Can anybody help me?

Thanks in advance!
 
I built a kernel with the following options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD

and put these lines to my rc.conf
firewall_enable="YES"
firewall_type="open"

as the handbook says.

I use the following command as root:
ipfw add 101 fwd pppgateway ipv6 from pppaddress to any

It throws "getsockopt(IP_FW_ADD): Invalid argument" error!

I have tried to set the following variables but the problem is still the same.
sysctl -w net.inet.ip.forwarding=1 and
sysctl -w net.inet6.ip6.forwarding=1

Thoughts?
 
Hi All,

I am using a laptop with FreeBSD 7.1, connecting to two ISPs (wlan and ppp), and I have IPv6 addresses. 'netstat -rn' says there is only one default gateway (for example wlan's default gateway). My problem is the following:
If I ping the ppp tunnel from another computer, my laptop receives the ICMP6 echo request over the ppp tunnel, but it answers over the wlan interface. I read some similar posts (only IPv4) about forwarding with IPFW, but I was unable to solve my problem until now.

I built a kernel with the following options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD

and put these lines to my rc.conf
firewall_enable="YES"
firewall_type="open"

as the handbook says.

I use the following command as root:
ipfw add 101 fwd pppgateway ipv6 from pppaddress to any

(pppgateway and pppaddress ipv6 addresses)

It throws "getsockopt(IP_FW_ADD): Invalid argument" error!

I have tried to set the following variables but the problem is still the same.
sysctl -w net.inet.ip.forwarding=1 and
sysctl -w net.inet6.ip6.forwarding=1

Can anybody help me?
 
zgabe said:
Can anybody help me?

You *don't* need ipfw fwd, you need just to read more about IP routing and add proper routes to routing table. And, possibly, you need NAT (via natd or ipfw nat or pppd) to allow other computers to use your Internet connection.
 
gelraen said:
You *don't* need ipfw fwd, you need just to read more about IP routing and add proper routes to routing table. And, possibly, you need NAT (via natd or ipfw nat or pppd) to allow other computers to use your Internet connection.

I would like to use my laptop as a multi-interfaced client in an SCTP testbed and I want to use the SCTP multihoming ability. But when the wlan connection is lost, the laptop becomes unreachable (if the default gateway is the wlan's gateway) due to having only one default gateway. I read a lot about policy and source based routing with "ipfw fwd" and I started to try this way, but as you suggested I will try to add proper routes.
 
This is a route selection issue. Since you can only have one default gateway, you'll need some sort of intelligent routing daemon (or failing that, static routes) to handle the case you describe.
 
gordon@ said:
This is a route selection issue. Since you can only have one default gateway, you'll need some sort of intelligent routing daemon (or failing that, static routes) to handle the case you describe.

Gordon! Thank you for your answer. What kind of intelligent routing daemon do you advise for this problem? BGP? OSPF?
 
zgabe said:
It throws "getsockopt(IP_FW_ADD): Invalid argument" error!

Hi all!

This problem was caused by the absence of the
option IPDIVERT
line from the kernel configuration file.

But according to the following bug report the "ipfw fwd" command hasn't got any effect!

kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n

Now I continue to look for other methods to solve my problem.
 
zgabe said:
Gordon! Thank you for your answer. What kind of intelligent routing daemon do you advise for this problem? BGP? OSPF?

I suppose that really depends on what your situation is. I would doubt you can get a BGP session setup over your PPP and WLAN links. You will probably want some sort of IGP: OSPF, or RIP might work. Or failing all of that, you can just use static routes if it's a small testbed case.
 
gordon@ said:
I suppose that really depends on what your situation is. I would doubt you can get a BGP session setup over your PPP and WLAN links. You will probably want some sort of IGP: OSPF, or RIP might work. Or failing all of that, you can just use static routes if it's a small testbed case.

Hi!

I attached my testbed! It's a small testbed, I don't need to look onto the internet.
The wlan gets an address from 2001:738:2001:2082::/64
The phone gets an address from 2001:738:2001:20a9::/64
The server is in the 2001:738:2001:2081::/64 network.

I would like to make some SCTP failover measurements between the laptop and the SCTP server. I need a solution where the packets go via the proper interfaces. (ipfw fwd doesn't work)
Static routes don't work, because the packets always go out via the default gateway.
I work on my thesis and I haven't got too much time. Can you explain an exact solution?
 

Attachment: testbed.JPG

zgabe said:
I would like to use my laptop as a multi-interfaced client in an SCTP testbed and I want to use the SCTP multihoming ability. But when the wlan connection is lost, the laptop becomes unreachable (if the default gateway is the wlan's gateway) due to having only one default gateway.

For this purpose, I think, the simplest way is to write a small script that checks the ping(8) exit code and changes the default gateway as needed, and run it from cron(8).
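
The cron-driven check suggested above, sketched as an added example that is not part of the original post. The gateway addresses are constructed placeholders, and `PROBE` and `ROUTE` are hypothetical override variables introduced here so the logic can be exercised without touching the routing table.

```shell
#!/bin/sh
# Added example, not from the thread. Gateway addresses are constructed
# placeholders; PROBE and ROUTE are overridable so the logic can be tested.
PRIMARY_GW=${PRIMARY_GW:-2001:db8:82::1}   # preferred (wlan) gateway
BACKUP_GW=${BACKUP_GW:-2001:db8:a9::1}     # fallback (ppp) gateway
PROBE=${PROBE:-"ping6 -c 2"}               # exit code 0 means reachable
ROUTE=${ROUTE:-route}

# Print the gateway that should carry the default route, preferring the
# primary. Returns 1 when neither answers, so the caller changes nothing.
pick_gateway() {
    for gw in "$PRIMARY_GW" "$BACKUP_GW"; do
        if $PROBE "$gw" >/dev/null 2>&1; then
            echo "$gw"; return 0
        fi
    done
    return 1
}

# Print the gateway of the installed IPv6 default route (empty if none).
current_gateway() {
    $ROUTE -n get -inet6 default 2>/dev/null | awk '$1 == "gateway:" {print $2}'
}

# Switch the default route only when the choice differs from what is
# installed, so a cron run every minute does not churn the routing table.
failover_once() {
    want=$(pick_gateway) || { echo "no gateway reachable" >&2; return 1; }
    have=$(current_gateway)
    if [ "$want" = "$have" ]; then
        echo "unchanged $have"
    elif [ -z "$have" ]; then
        $ROUTE add -inet6 default "$want" >/dev/null && echo "added $want"
    else
        $ROUTE change -inet6 default "$want" >/dev/null && echo "changed $have -> $want"
    fi
}

# Run from cron(8) as: * * * * * /path/to/this/script run
if [ "${1:-}" = "run" ]; then failover_once; fi
```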
 
gelraen said:
For this purpose, I think, the simplest way is to write a small script that checks the ping(8) exit code and changes the default gateway as needed, and run it from cron(8).

Yes, it is a possible way, but my problem is more complex. The SCTP server calculates a different RTO (Retransmission Timeout) for each path to the client. The RTO calculation uses the RTT (Round Trip Time). But when the packets use the wrong interface, the calculated RTO won't be correct. (wlan has 1ms RTT, ppp has 100ms RTT originally, but when the default gateway is the ppp's gateway, the wlan's RTT grows to 80 ms)
 
zgabe said:
Yes, it is a possible way, but my problem is more complex. The SCTP server calculates a different RTO (Retransmission Timeout) for each path to the client. The RTO calculation uses the RTT (Round Trip Time). But when the packets use the wrong interface, the calculated RTO won't be correct. (wlan has 1ms RTT, ppp has 100ms RTT originally, but when the default gateway is the ppp's gateway, the wlan's RTT grows to 80 ms)

So, SCTP itself can use different route entries to send packets? Then just add such entries for each possible path. And these entries must not be the default gateways.
 
zgabe said:
I work on my thesis and I haven't got too much time. Can you explain an exact solution?

No offense, but if this is part of your thesis, it sounds like you should be able to figure it out. I'm guessing no one here has ever used SCTP (I certainly haven't).

Good luck and let us know how it goes!
 
Hi all!

I think my problem is solved. As I mentioned earlier the ipfw fwd hasn't got any effect (under FreeBSD 7.1), but pf (packet filter) can forward among the interfaces too.

Here are the commands:
kldload pf

/etc/pf.conf:
pass out quick route-to (interface1_name gateway1_address) from interface1_address to any
pass out quick route-to (interface2_name gateway2_address) from interface2_address to any

pfctl -e -f /etc/pf.conf

Now the packets leave the computer over the proper interface independent of the default gateway.

Thanks to everyone for the help!
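
The route-to rules from the post above, rendered for concrete IPv6 uplinks by a small generator. This is an added example and not the poster's own script: the interface names and 2001:db8:: addresses are constructed placeholders, only global IPv6 literals are accepted (scoped link-local gateways are rejected), and an explicit `inet6` keyword is added after the route option.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and 2001:db8:: addresses
# are constructed placeholders; substitute the real uplink values.

# Accept only a plain IPv6 literal (hex digits and colons, at least two colons)
# so a hostname, IPv4 address or stray token never reaches pf.conf.
is_ipv6() {
    case "$1" in
        ""|*[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# route_to_rules "IFACE,GATEWAY,LOCAL_ADDR" ...
# Prints one source-based route-to rule per uplink. Nothing is printed and 1
# is returned if any spec is malformed, so a partial ruleset is never loaded.
route_to_rules() {
    rules=""
    for spec in "$@"; do
        case "$spec" in
            *,*,*,*) echo "too many fields: $spec" >&2; return 1 ;;
            *,*,*) ;;
            *) echo "need IFACE,GATEWAY,LOCAL_ADDR: $spec" >&2; return 1 ;;
        esac
        ifname=${spec%%,*}; rest=${spec#*,}
        gw=${rest%%,*}; addr=${rest#*,}
        case "$ifname" in
            ""|*[!A-Za-z0-9_]*) echo "bad interface: $spec" >&2; return 1 ;;
        esac
        if ! is_ipv6 "$gw" || ! is_ipv6 "$addr"; then
            echo "not an IPv6 literal: $spec" >&2; return 1
        fi
        # pf.conf grammar puts the route option before the address family.
        rules="${rules}pass out quick route-to ($ifname $gw) inet6 from $addr to any
"
    done
    printf '%s' "$rules"
}

# Demo with constructed values. On the FreeBSD host, write the output to a
# file, parse-check it with `pfctl -nf FILE`, then load it with
# `pfctl -e -f FILE` and confirm with `pfctl -sr`.
route_to_rules "wlan0,2001:db8:82::1,2001:db8:82::10" \
               "ppp0,2001:db8:a9::1,2001:db8:a9::10"
```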
 