On Oct 20, 2006, at 3:22 PM, Brian Hawk wrote:
No, you are wrong. The packet will be forwarded to the default gateway through the interface which is on the same network as it. You need some kind of policy routing. I'm not very familiar with ipf but with pf you can do:

Unfortunately it doesn't go thru the interface which has Src IP address same as with it. But goes thru the default gateway. But since the Src IP address in the IP packet is, all TCP replies come from the right interface (xl1) which makes sense because the devices on the internet wouldn't make the same mistake.
pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) inet from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) inet from $ext_if0 to any
  or with ipfw you can use "fwd" rule action.

A "fwd" cannot solve my problem because it likes to forward packets to a certain IP addr or an IP:port, which is not what I want. I just need to forward (or rather route) them thru an "interface". Again, I still think this is what FreeBSD should really be doing for packets which have the interface's IP as Src IP addr in the IP header.

The source address of a packet is irrelevant to normal routing; only the destination matters.

Unless you set up a routing daemon which implements other policies, the FreeBSD TCP/IP stack uses only the destination address to do a lookup in the kernel's routing table, using the most precise matching route, or the default route if one is present and no other route is available.


freebsd-questions@freebsd.org mailing list
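
The destination-only lookup described in the last reply, and the effect of the pf route-to rules quoted earlier in the thread, as an added Python model that is not part of the original messages. The interface name xl0, every address and gateway, and the function names are constructed assumptions; only xl1 appears in the thread.

```python
import ipaddress

# Constructed sample table (not from the thread): two uplinks, default via xl0.
# Only the name xl1 appears in the thread; xl0 and every address are assumed.
ROUTES = [  # (destination prefix, gateway or None if directly connected, interface)
    ("0.0.0.0/0", "192.0.2.1", "xl0"),
    ("192.0.2.0/24", None, "xl0"),
    ("198.51.100.0/24", None, "xl1"),
]

# Model of the two route-to rules quoted above:
# (interface the routing table chose, source address, new interface, new gateway)
POLICY = [
    ("xl0", "198.51.100.10", "xl1", "198.51.100.1"),
    ("xl1", "192.0.2.10", "xl0", "192.0.2.1"),
]


def kernel_lookup(dst):
    """Destination-only lookup: the most specific matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, ifname in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifname, gateway)
    return None if best is None else (best[1], best[2])


def egress(src, dst, policy=()):
    """Return (interface, gateway) for a packet; src matters only to policy."""
    hop = kernel_lookup(dst)
    if hop is None:
        return None  # no route to host
    for out_if, from_addr, new_if, new_gw in policy:
        if hop[0] == out_if and src == from_addr:
            return (new_if, new_gw)  # route-to overrides the table's choice
    return hop


if __name__ == "__main__":
    src, dst = "198.51.100.10", "203.0.113.7"  # source is xl1's address
    print("routing table only:", egress(src, dst))
    print("with route-to     :", egress(src, dst, POLICY))
```

With the routing table alone, the packet sourced from xl1's address still leaves through xl0 toward the default gateway; only the policy layer moves it to xl1.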