[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: Source based (policy) routing in Solaris 9 not working
From: Bernhard Roth <br () pwrnet ! de>
Date: 2005-01-17 15:30:07
Message-ID: 41EBD9FF.9050404 () pwrnet ! de
[Download RAW message or body]
Hi!
I have strange problems when I want to do source based routing in
Solaris 9 (latest patches applied) and IPFilter 3.4.32, 3.4.35 and 4.1.5.
I use this only rule in ipf.conf:
pass out log quick on eri0 to ce0:10.1.2.1 from 10.1.2.55 to any
Here is my ifconfig output:
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 3
inet 127.0.0.1 netmask ff000000
ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 10.1.2.55 netmask ffffff00 broadcast 10.1.2.255
ether 0:3:ba:36:bd:6
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
inet 192.168.5.11 netmask ffffff00 broadcast 192.168.5.255
ether 8:0:20:ff:88:a0
Default route is to 192.168.5.1
Router for the 10' networks is 10.1.2.1
The problem is that the ICMP packets come in on ce0 and the responses
(with ipf disabled) going out to eri0. So far so good. Then, when
activating ipfilter, the packets does not appear anymore on any
interface and seem to disappear. Only in the i pfilter log following
lines are displayed:
17/01/2005 16:28:30.740746 eri0 @0:1 p 10.1.2.55 -> 10.1.1.12 PR icmp
len 20 60 icmp echoreply/0 OUT
17/01/2005 16:28:31.742334 eri0 @0:1 p 10.1.2.55 -> 10.1.1.12 PR icmp
len 20 60 icmp echoreply/0 OUT
17/01/2005 16:28:32.779216 eri0 @0:1 p 10.1.2.55 -> 10.1.1.12 PR icmp
len 20 60 icmp echoreply/0 OUT
17/01/2005 16:28:34.245551 eri0 @0:1 p 10.1.2.55 -> 10.1.1.12 PR icmp
len 20 60 icmp echoreply/0 OUT
The icmp packets seem to go out to 10.1.1.12 (which is the host from
which I do the ping).
On the gateway 10.1.2.1 no icmp replys are visible.
What's wrong here?
Thanks for any help
Bye
Bernhard
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic