Subject: ipfilter policy-routing problem
To: None <current-users@netbsd.org>
From: Mihai Chelaru <kefren@netbsd.ro>
List: current-users
Date: 05/26/2002 13:17:58
Hello,

I have 3 machines configured like this:

A: rtk0: 192.168.0.1/24
   vmnet1: 172.16.212.1/24
B: rtk0: 192.168.0.2/24
C: vmnet1: 172.16.212.2/24

Both B and C have their default route via A.

I wanted to do some policy routing using IPF, so I did the following:

B:
# ifconfig lo0 100.100.100.100 netmask 255.0.0.0 alias
# route add 100.0.0.0 -netmask 255.0.0.0 100.100.100.100

A:
I added the following line in the ipf config:
block in quick on vmnet1 to rtk0:192.168.0.2 from 172.16.212.2/32 to 100.0.0.0/8

C:
# ping 100.100.100.100
PING 100.100.100.100 (100.100.100.100): 56 data bytes
64 bytes from 100.100.100.100: icmp_seq=58 ttl=254 time=0.713 ms
^C^C
----100.100.100.100 PING Statistics----
98 packets transmitted, 1 packets received, 99.0% packet loss
round-trip min/avg/max/stddev = 0.713/0.713/0.713/0.000 ms

Meanwhile I tcpdumped all three interfaces (vmnet1 on C, rtk0 on both A and B)
and I saw that ipfilter is doing the correct thing: it routes the packets from
C to B. On B I saw that the packets were reaching the interface, but nothing
else: only echo requests, no echo replies. I saw a single echo reply dropped
on that interface, which reached back to C.

I removed the filters on A and did:
# route add 100.0.0.0 -netmask 255.0.0.0 192.168.0.2
and everything worked fine.

So, what could be the problem? Why is B responding differently to the packets
generated by the kernel routing code than to the packets generated by
ipfilter? And why is it responding correctly to 1% of the packets?

Thank you,
Mihai
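The poster localised the fault by reading tcpdump output on each interface by eye. The script below is an added example (not part of the original post and not ipfilter or NetBSD code) that automates that check: it counts echo requests to a target and echo replies from it in a tcpdump text capture per interface, then walks the forward path to report the first hop where requests stop, where the endpoint stops answering, or where replies are lost on the way back. It assumes tcpdump was run with -n (numeric addresses) and accepts both the classic BSD line form ("... icmp: echo request") and the newer form ("IP ... ICMP echo request, id ..."). The capture names, path order and all capture contents are constructed sample data shaped like the setup in the post, not real captures.

```python
import re

# Matches ICMP echo lines from classic BSD tcpdump output
# ("13:17:58.000000 172.16.212.2 > 100.100.100.100: icmp: echo request")
# and from newer tcpdump output
# ("13:17:58.000000 IP 172.16.212.2 > 100.100.100.100: ICMP echo request, id 1, seq 58, length 64").
# Assumes tcpdump -n, so source and destination are dotted-quad addresses.
ECHO_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?(?P<src>\d+(?:\.\d+){3})\s+>\s+(?P<dst>\d+(?:\.\d+){3}):\s+"
    r"icmp:?\s+echo\s+(?P<kind>request|reply)\b",
    re.IGNORECASE,
)


def count_echo(capture_text, target):
    """Return (requests, replies): echo requests addressed to `target` and
    echo replies sent by it. Everything else (ARP, other ICMP, other hosts)
    is ignored, so noise in the capture does not skew the counts."""
    requests = replies = 0
    for line in capture_text.splitlines():
        m = ECHO_RE.match(line.strip())
        if not m:
            continue
        kind = m["kind"].lower()
        if kind == "request" and m["dst"] == target:
            requests += 1
        elif kind == "reply" and m["src"] == target:
            replies += 1
    return requests, replies


def _dropped(before, after, tolerance):
    """True when `after` is smaller than `before` by more than `tolerance`
    (a fraction); the tolerance absorbs off-by-one effects at capture edges."""
    return after < before * (1.0 - tolerance)


def diagnose(captures, path, target, tolerance=0.05):
    """Localise where echo traffic to `target` is lost.

    captures: dict of capture name -> tcpdump text
    path: capture names in forward order, from the pinging host's interface
          to the interface on the host that owns `target`
    Returns one of:
      ("no_requests_seen", hop)
      ("requests_lost_between", upstream_hop, downstream_hop)
      ("endpoint_not_replying", hop)
      ("replies_lost_between", downstream_hop, upstream_hop)
      ("ok",)
    """
    counts = {hop: count_echo(captures[hop], target) for hop in path}
    req = {hop: c[0] for hop, c in counts.items()}
    rep = {hop: c[1] for hop, c in counts.items()}

    if req[path[0]] == 0:
        return ("no_requests_seen", path[0])
    # Forward direction: do the requests make it hop by hop?
    for up, down in zip(path, path[1:]):
        if _dropped(req[up], req[down], tolerance):
            return ("requests_lost_between", up, down)
    # Does the final host answer what it receives?
    end = path[-1]
    if _dropped(req[end], rep[end], tolerance):
        return ("endpoint_not_replying", end)
    # Return direction: do the replies make it back hop by hop?
    back = list(reversed(path))
    for down, up in zip(back, back[1:]):
        if _dropped(rep[down], rep[up], tolerance):
            return ("replies_lost_between", down, up)
    return ("ok",)


def echo_lines(kind, src, dst, n):
    """Build n constructed classic-format tcpdump echo lines (sample data only)."""
    return "\n".join(
        f"13:17:{i % 60:02d}.000000 {src} > {dst}: icmp: echo {kind}"
        for i in range(1, n + 1)
    )


# Constructed sample captures mirroring the post's topology (hypothetical data).
TARGET = "100.100.100.100"
PINGER = "172.16.212.2"
PATH = ["C:vmnet1", "A:vmnet1", "A:rtk0", "B:rtk0"]
NOISE = "13:17:58.000000 arp who-has 192.168.0.2 tell 192.168.0.1"


def sample_captures(replies_at_b):
    """Five requests reach every hop; B answers `replies_at_b` of them and
    those replies travel back unchanged."""
    return {
        hop: "\n".join([
            echo_lines("request", PINGER, TARGET, 5),
            echo_lines("reply", TARGET, PINGER, replies_at_b),
            NOISE,
        ])
        for hop in PATH
    }


FAILING = sample_captures(1)   # like the ipfilter "to" case: 1 reply out of 5
WORKING = sample_captures(5)   # like the plain static-route case

if __name__ == "__main__":
    for name, caps in (("failing", FAILING), ("working", WORKING)):
        print(name, {hop: count_echo(caps[hop], TARGET) for hop in PATH},
              diagnose(caps, PATH, TARGET))
```

Run it against real captures by reading each `tcpdump -n -i <if> icmp` output into the dict; the tuple it returns is the hop the poster found by hand (requests arriving at B's rtk0 with almost no replies leaving it).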