From owner-freebsd-ipfw  Tue Aug 17 23: 8:20 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from t47.tempest.sk (t47.tempest.sk [195.28.100.47])
	by hub.freebsd.org (Postfix) with ESMTP id 0647014A0B
	for <freebsd-ipfw@FreeBSD.ORG>; Tue, 17 Aug 1999 23:08:16 -0700 (PDT)
	(envelope-from ludo_koren@tempest.sk)
Received: (from koren@localhost)
	by t47.tempest.sk (8.9.3/8.9.3) id IAA57956;
	Wed, 18 Aug 1999 08:08:46 +0200 (CEST)
	(envelope-from koren)
Date: Wed, 18 Aug 1999 08:08:46 +0200 (CEST)
Message-Id: <199908180608.IAA57956@t47.tempest.sk>
From: Ludo Koren <ludo_koren@tempest.sk>
To: norman@nttmcl.com
Cc: freebsd-ipfw@FreeBSD.ORG
In-reply-to: 
	<Pine.GSO.3.95LJ1.1b4.990817164514.27565B-100000@alicia.nttmcl.com>
	(message from Norman Nie on Tue, 17 Aug 1999 16:46:15 -0700 (PDT))
Subject: Re: ipfw + bridging: fwd rule enacted but no effect
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



> I'm having problems with ipfw fwd + bridging.  Please help!

> My setup is:

> [A]-----[fxp0:D:fxp1]-----[C] fxp2 ---- | | [B]



> D is the box that runs ipfw + bridging.

> My rule is very simple:

> 100 fwd B log all from A to C last rule allow from any to any

> Ideally , it should redirect any packets from A to C and emit
> them out on interface fxp2 (linked to B).  And those packets
> are to be dropped dead on B.

> What happened is that logging messages indicate that rule 100
> were envoked but with no effect.  One can still ping from A to
> C.


> IPFW with no bridging (ie. machine B acting as a router) works
> fine.

> Bridging alone works fine.

> But when combining ipfw + bridging, the fwd command doesn't
> work.

> Any one has the same problem before?

> Also, I assume when doing bridging, I don't need to config the
> routing table in machine B.  Is this correct?

Several days ago I sent similar question with no answer. After looking
into the source code I realized this feature is not implemented. I
spoke about it with Luigi Rizzo who has implemented the bridging
stuff. He suggested that it's not appropriate for bridging as such. It
should be done in `higher level'. But the problem is you need
configuration as a gateway.

Basically, I was convinced to implement it, but now I am considering if
the solution is technically correct (e.g. I will not get troubles if
the load on bridge will be high).

ludo


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message