Subject: ipfilter policy-routing problem
To: None <>
From: Mihai Chelaru <>
List: current-users
Date: 05/26/2002 13:17:58

I have 3 machines configured like this:

A: rtk0:
B: rtk0:
C: vmnet1:

Both B & C have the default route in A.

I wanted to do some policy routing using IPF so I did the following:

# ifconfig lo0 netmask alias
# route add -netmask

I added the following line in the ipf config:
block in quick on vmnet1 to rtk0: from to

# ping
PING ( 56 data bytes
64 bytes from icmp_seq=58 ttl=254 time=0.713 ms
---- PING Statistics----
98 packets transmitted, 1 packets received, 99.0% packet loss
round-trip min/avg/max/stddev = 0.713/0.713/0.713/0.000 ms

Meanwhile I tcpdump-ed all three interfaces (vmnet on C, rtk on both A & B)
and I saw that ipfilter is doing the correct thing. It routes the packets from
C to B. On B I saw that the packets were reaching the interface. But nothing
else. Only echo requests, no echo replies. I saw a single echo reply dropped
on that interface that reached back to C.

I removed the filters on A and did:
# route add -netmask
and everything worked fine.

So, what could be the problem? Why is B responding differently to the kernel
routing interface generated packets and why is it responding differently to the
ipfilter generated packets? Why is it responding correctly to 1% of packets?

Thank you,