PBR in FreeBSD 8 (ipfw fwd/setfib/pf)

drTr0jan


There are two servers - FreeBSD-7 (i386) and FreeBSD-8 (amd64) with identical network settings.
DG: 192.168.0.1

Equal ipfw settings:
Code:
FreeBSD-7:
00100 fwd 192.168.0.2 ip from 192.168.0.7 to any 
01000 allow ip from any to any 

FreeBSD-8: 
00100 fwd 192.168.0.2 ip from 192.168.0.4 to any 
01000 allow ip from any to any

Policy-based routing works successfully on FreeBSD-7, but doesn't work on FreeBSD-8:
Code:
FreeBSD-7:/home/drtr0jan# traceroute -s 192.168.0.7 -n ya.ru 
traceroute: Warning: ya.ru has multiple addresses; using 93.158.134.8 
traceroute to ya.ru (93.158.134.8) from 192.168.0.7, 64 hops max, 40 byte packets 
 1  192.168.0.2  0.507 ms  0.896 ms  0.986 ms 
^C 
FreeBSD-7:/home/drtr0jan# traceroute -n ya.ru 
traceroute: Warning: ya.ru has multiple addresses; using 77.88.21.8 
traceroute to ya.ru (77.88.21.8) from 192.168.0.8, 64 hops max, 40 byte packets 
 1  192.168.0.1  1.175 ms  1.091 ms  1.206 ms 
^C 
FreeBSD-8:/var/log# traceroute -n ya.ru 
traceroute: Warning: ya.ru has multiple addresses; using 93.158.134.8 
traceroute to ya.ru (93.158.134.8) from 192.168.0.3, 64 hops max, 52 byte packets 
 1  192.168.0.1  1.214 ms  1.054 ms  1.048 ms 
^C 
FreeBSD-8:/var/log# traceroute -s 192.168.0.4 -n ya.ru 
traceroute: Warning: ya.ru has multiple addresses; using 77.88.21.8 
traceroute to ya.ru (77.88.21.8) from 192.168.0.4, 64 hops max, 52 byte packets 
 1  * * *

I have checked the network interface on FreeBSD-8 and the network interface on Redcom with tcpdump - the packet was missing.

There is a similar situation with setfib or pf - packets don't go to 192.168.0.2.

Kernel config:
Code:
options         IPFIREWALL 
options         IPFIREWALL_FORWARD 
options         ROUTETABLES=4
 

SirDice


Is 192.168.0.4 allowed access on the machine with 192.168.0.2?
 