SRX Services Gateway
layard

Filter Based Forwarding issue

Hello, I'm trying to configure FBF on an interface to route traffic to a specific default gateway. I want to know the hierarchy of evaluation of the routing tables/instances.

In the default routing table I have a route to the network that I want to redirect to, for all traffic that comes in from all interfaces except the one that I'm applying the filter to.

The problem is that it's still forwarding the traffic from the subnet configured in the firewall filter to the gateway of the default routing table, not the gateway on the routing instance.

Here is the configuration:


##### Default routing table ####

routing-options {
    interface-routes {
        rib-group inet default;
    }
    static {
        route 172.17.0.0/24 next-hop 192.168.1.1;
    }
    rib-groups {
        default {
            import-rib [ inet.0 My-Routing-Instance.inet.0 ];
        }
    }
}

##### The Firewall Filter #####

firewall {
    family inet {
        filter My-Firewall-Filter {
            term 1 {
                from {
                    source-address {
                        192.168.70.0/24;
                    }
                }
                then {
                    routing-instance My-Routing-Instance;
                }
            }
            term default {
                then accept;
            }
        }
    }
}

#### Routing Instance ####

routing-instances {
    My-Routing-Instance {
        routing-options {
            static {
                route 172.17.0.0/24 next-hop 192.168.2.1;
            }
        }
    }
}

#### Applying the filter to the interface ####

ge-0/0/3 {
    unit 0 {
        family inet {
            filter {
                input My-Firewall-Filter;
            }
            address 192.168.70.1/32;
        }
    }
}

Any ideas? Shouldn't it work?

LT
Z-Blocker

Re: Filter Based Forwarding issue

Hi,

Maybe I misunderstood, but isn't it possible to route your traffic from the default inet.0 to the routing-instance My-Routing-Instance? Something like "set routing-options static route 172.17.0.0/24 next-table My-Routing-Instance.inet.0"

You should also specify what instance-type your routing instance should be.

Z.


layard

Re: Filter Based Forwarding issue

The routing instance type is forwarding, I forgot to paste it.

I just want the traffic that matches the filter to go to 192.168.2.1, and all other traffic for the network 172.17.0.0 to go to 192.168.1.1.

Do you understand?


LT
Z-Blocker

Re: Filter Based Forwarding issue

Hi,

 

I understand, I think: you want to do some sort of source-based routing.

The configuration is OK, I think; maybe your security policy is still blocking traffic.

 

 

Z.
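
Added example, not part of any post in this thread: a small Python lint that flattens a Junos curly-brace configuration into set-style paths and checks the pieces this filter-based forwarding setup relies on (the forwarding instance type raised in the replies, the rib-group import of interface routes, and the input filter binding). The function names are hypothetical, and the sample configuration is constructed from the names used in the thread, with an `interfaces` wrapper assumed.

```python
import re

def flatten(text):
    """Turn curly-brace Junos config into 'display set'-style path strings."""
    paths, stack, words = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(" ".join(words))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            paths.append(" ".join(stack + [" ".join(words)]))
            words = []
        else:
            words.append(tok)
    return paths

def check_fbf(text):
    """Return findings for every filter term that uses 'then routing-instance'."""
    paths, findings = flatten(text), []
    has = lambda rx: any(re.search(rx, p) for p in paths)
    refs = [re.match(r"firewall family inet filter (\S+) term \S+ then routing-instance (\S+)$", p) for p in paths]
    for filt, inst in (m.groups() for m in refs if m):
        i = re.escape(inst)
        if not has(rf"^routing-instances {i} instance-type forwarding$"):
            findings.append(f"{inst}: instance-type forwarding not set")
        groups = [m.group(1) for p in paths if (m := re.match(rf"routing-options rib-groups (\S+) import-rib .*\b{i}\.inet\.0\b", p))]
        if not any(has(rf"^routing-options interface-routes rib-group inet {re.escape(g)}$") for g in groups):
            findings.append(f"{inst}: interface routes are not imported into {inst}.inet.0")
        if not has(rf"^interfaces \S+ unit \S+ family inet filter input {re.escape(filt)}$"):
            findings.append(f"{filt}: not applied as an input filter on any interface")
    return findings

# Constructed sample: the configuration as pasted in the first post (no instance-type line).
SAMPLE = """
routing-options {
    interface-routes { rib-group inet default; }
    rib-groups { default { import-rib [ inet.0 My-Routing-Instance.inet.0 ]; } }
}
firewall { family inet { filter My-Firewall-Filter {
    term 1 { from { source-address { 192.168.70.0/24; } } then { routing-instance My-Routing-Instance; } }
    term default { then accept; }
} } }
routing-instances { My-Routing-Instance { routing-options { static { route 172.17.0.0/24 next-hop 192.168.2.1; } } } }
interfaces { ge-0/0/3 { unit 0 { family inet { filter { input My-Firewall-Filter; } } } } }
"""
if __name__ == "__main__":
    print(check_fbf(SAMPLE))
```

An empty result only means these structural pieces are present; it says nothing about security policy, which the last reply suggests checking.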

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.