Hi, all!
I want to set up a policy-routing rule on a SPARC Solaris 8 multihomed host. The
host is a web server running Apache.
I want connections that come from ISP1 to my hme0 address to be routed to ISP1's
gateway x.x.1.254. At the same time, connections that come from ISP2 should be
answered by my hme2 through the gateway x.x.2.254. Some call this policy-based
routing. I searched Google and found that ipfilter may be able to do that. But I
have not succeeded on my host. It seems that my fastroute rule is not taking effect!
My network is:
---------------------------
ISP1 -- x.x.1.254
                 \
                  hme0(x.x.1.100/24)
                  hme1(x.x.2.100/24)
                 /
ISP2 -- x.x.2.254
---------------------------
bash-2.03# uname -a
SunOS web 5.8 Generic_117350-26 sun4u sparc SUNW,Ultra-4
My routing table is (netstat -nr):
Routing Table: IPv4
Destination          Gateway              Flags Ref   Use    Interface
-------------------- -------------------- ----- ----- ------ ---------
x.x.2.0              x.x.2.100            U         1    102 hme1
x.x.1.0              x.x.1.100            U         1     38 hme0
224.0.0.0            x.x.1.100            U         1      0 hme0
default              x.x.1.254            UG        1  24208
127.0.0.1            127.0.0.1            UH      223 322276 lo0
My interfaces are (ifconfig -a):
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 4
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet x.x.1.100 netmask ffffff00 broadcast x.x.1.255
        ether 8:0:20:fe:e7:4f
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
        inet x.x.2.100 netmask ffffff00 broadcast x.x.2.255
        ether 0:3:ba:22:82:cb
bash-2.03# ipf -V
ipf: IP Filter: v4.1.8 (592)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x187
bash-2.03# ipfstat -oil
pass out log quick on hme0 to hme1:x.x.2.254 from x.x.2.100/32 to any
pass in log quick from any to any
bash-2.03# ipmon
...
28/07/2005 11:11:06.515709 hme1 @0:1 p b.b.109.15 -> x.x.2.100 PR icmp len 20 84 icmp echo/0 IN
28/07/2005 11:11:06.515754 hme0 @0:1 p x.x.2.100 -> b.b.109.15 PR icmp len 20 84 icmp echoreply/0 OUT
...                        ^wrong interface
--------------------------------
Thanks for any help.
snoopysafe
2005-7-28 10:48:10
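
The check the poster does by eye on the ipmon output, as an added example that is not part of the original post: it parses ipmon-style lines and reports outbound packets logged on an interface that does not own their source address. The sample log is constructed, documentation addresses stand in for the masked x.x.1.100 and x.x.2.100, and the names LOCAL, parse and misrouted are hypothetical.

```python
import re

# Constructed mapping: local address -> interface that owns it
# (192.0.2.100 stands in for x.x.1.100, 198.51.100.100 for x.x.2.100).
LOCAL = {"192.0.2.100": "hme0", "198.51.100.100": "hme1"}

# Constructed ipmon-style sample modelled on the two lines in the post.
SAMPLE = """\
28/07/2005 11:11:06.515709 hme1 @0:1 p 203.0.113.15 -> 198.51.100.100 PR icmp len 20 84 icmp echo/0 IN
28/07/2005 11:11:06.515754 hme0 @0:1 p 198.51.100.100 -> 203.0.113.15 PR icmp len 20 84 icmp echoreply/0 OUT
28/07/2005 11:11:07.101202 hme0 @0:1 p 203.0.113.15,40112 -> 192.0.2.100,80 PR tcp len 20 60 -S IN
28/07/2005 11:11:07.101260 hme0 @0:1 p 192.0.2.100,80 -> 203.0.113.15,40112 PR tcp len 20 60 -AS OUT
"""

# timestamp, interface, @group:rule, action, src[,port] -> dst[,port], protocol, direction
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ifname>\S+) @(?P<rule>\d+:\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+)(?:,\S+)? -> (?P<dst>[\d.]+)(?:,\S+)? "
    r"PR (?P<proto>\S+) .* (?P<dir>IN|OUT)\s*$"
)

def parse(line):
    """Return the fields of one ipmon line as a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def misrouted(log_text, local=LOCAL):
    """Outbound records whose source address belongs to another interface."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec or rec["dir"] != "OUT":
            continue
        owner = local.get(rec["src"])
        if owner and owner != rec["ifname"]:
            findings.append((rec["ts"], rec["src"], rec["dst"], rec["ifname"], owner))
    return findings

if __name__ == "__main__":
    for ts, src, dst, seen, expected in misrouted(SAMPLE):
        print(f"{ts} {src} -> {dst} logged on {seen}, address belongs to {expected}")
```

ipmon reports the interface on which the rule was evaluated, so a flagged record is a prompt to confirm the real egress path with a capture on each interface (for example `snoop -d hme1` on Solaris).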