[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: problem with "to [interface]" keyword
From:       "Lennart Blomstrom" <blomman () telia ! net>
Date:       1999-08-25 20:14:52
[Download RAW message or body]

Hi
I'm have the same problem with FreeBSD3.2R and IPF3.3.1.
It worked in IPF3.2.11beta12 (and patches), but no more.
pass in quick on fxp0 to fxp1:10.1.15.1 from 10.1.16.2/32 to any

">ipfstat -hio" shows a hit, but the packet does not get "fastrouted" it
goes to normal forwarding.

Im I doing sometjing wrong, does anybody else have it working ?

/blomman

> -----Original Message-----
> From: owner-ipfilter@coombs.anu.edu.au
> [mailto:owner-ipfilter@coombs.anu.edu.au]On Behalf Of Norman Nie
> Sent: den 23 augusti 1999 19:19
> To: darrenr@reed.wattle.id.au
> Cc: ipfilter@coombs.anu.edu.au
> Subject: problem with "to [interface]" keyword
>
>
> Hi Dareen,
>
> I'm having a problem regarding the "to [interface]" keyword.  The result
> seems contrary to the following description:
>
> On Tue, 10 Aug 1999, Darren Reed wrote:
>
> > If it's just 'to ifp', then it does a route lookup based on the
> > destination IP address but emits it out that interface anyway.
>                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> My setup is:
>
> [A]-----[fxp0:D:fxp1]-----[C]
>              fxp2
>              ----
> 	      |
> 	      |
>              [B]
>
>
> A, B, C belong to different subnets. The routing tables are properly setup
> so that one can ping between any two hosts without ipfilter.  D is the box
> that runs ipfilter.
>
> My rule is:
>
> pass in on fxp0 to fxp2 from A to C
>
> Ideally , it should redirect any packets from A to C and emit them
> out on interface fxp2 (linked to B).  And those packets are to be dropped
> dead on B.
>
> But in reality pinging from A to C still works as usual even though it
> shouldn't.  ">ipfstat -hio" show that the above rule has been hit.
>
> Did I do anything wrong? I'm using freebsd3.2 and ipf3.2.11(the lastest
> one before ipf3.3).
>
> Any commets highly appreciated.
>
> Thanks a lot,
>
> Norman Nie
>
>
>

[prev in list] [next in list] [prev in thread] [next in thread]