On 5/16/06, Matthew <[EMAIL PROTECTED]> wrote:
I recommend you install tcptraceroute:    /usr/ports/net/tcptraceroute/

tcptraceroute will let you specify the interface so you can test your
configuration.

For example, I have a FWD rule:
ipfw add 420 fwd 192.168.10.10 tcp  from 84.16.244.0/24 to any

[EMAIL PROTECTED] tcptraceroute -s 84.16.244.178 -i gif0 www.google.com
Selected device gif0, address 84.16.244.178, port 12154 for outgoing packets
Tracing the path to www.google.com (72.14.203.99) on TCP port 80, 30 hops max
 1  192.168.10.10 (192.168.10.10)  107.013 ms  106.731 ms  106.697 ms
 2  fragw.gatewayrouter.net (84.16.224.1)  107.287 ms  107.211 ms  107.352 ms
 3  fragw1.gatewayrouter.net (217.20.117.10)  106.937 ms  107.240 ms  106.986 ms
 4  rtr-1.decix-germany.eweka.nl (80.81.192.224)  107.090 ms  107.509 ms  107.103 ms

-- Matthew



This really highlights my problem that traffic with a source IP of
192.168.1.1 isn't being forwarded properly to 192.168.1.254. I have
removed all my NAT related rules for testing and have just the
following:

ipfw -f flush
ipfw -f pipe flush

ipfw add fwd 192.168.1.254 tcp from 192.168.1.1 to any

ipfw add allow all from any to any



When I do a tcptraceroute as outlined above:

$ sudo tcptraceroute -s 192.168.1.1 -i em0 google.com
Selected device em0, address 192.168.1.1, port 56472 for outgoing packets
Tracing the path to google.com (72.14.207.99) on TCP port 80, 30 hops max
1  * * *

I get nowhere.

I can get out just fine on bge1, since 192.168.2.254 is my default
gateway on the machine.

I am starting to feel like the fwd directive is simply broken on this
machine... Could there be some kernel options that I'm missing? Are
there any other places I should look for something silly that might be
breaking forward? Again, this did in fact work with pf on this
machine; due to "policy" I need to get it working in ipfw.

Jared Baldridge
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
