Date: Sat, 24 Nov 2001 14:57:49 -1000
From: Richard Puga <puga@mauibuilt.com>
To: Dru <genisis@istar.ca>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW/VLAN
Message-ID: <3C00420D.71694145@mauibuilt.com>
References: <20011124190207.I78193-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>

The vlan traffic passes just fine.. the problem is I can't get ipfw to block it.

If I do a tcpdump on fxp0 or fxp1 I see normal packets with simple 802.1Q #10 in them.

It's these packets that ipfw ignores, hence my problem..

Thanks again for your reply

Richard Puga
puga@mauibuilt.com

PS if I do a tcpdump on the vlan interfaces I set up on the bridge I get no traffic.. all the traffic seems to go from fxp0 to fxp1, and if I tell ipfw to block all traffic from fxp0 to fxp1 the 802.1q packets still get through.

I tried bridging fxp0 to vlan0 and fxp1 to vlan1 and vlan0 to vlan1 yada yada yada.... :)

Dru wrote:

> On Sat, 24 Nov 2001, Richard Puga wrote:
>
> > Yes I do have the vlan entry in my kernel. I have tried it with and without.
> >
> > The MTU of the fxp cards is set to its new default of 1500 (as of 4.4) and
> > curiously enough
> > can not be set higher as the maximum length of an Ethernet packet is 1518.
> >
> > The bridge passes the 802.1q packets just fine and I can view them with
> > tcpdump.
> >
> > It seems that ipfw ignores them, either treating them as a malformed Ethernet
> > packet or one that
> > is not ip.. I'm not sure, that's just a guess..
> <snip>
>
> Hi Richard,
>
> Keep the vlan stuff in your kernel as it's needed; the number after the
> pseudo-device represents how many vlans you want to support.
>
> You should then be able to ifconfig each virtual vlan interface. See "man
> ifconfig" and do a search for vlan as you have to set your vlan tag. An
> example of the syntax is also given in the updated todo section of number
> 3 here:
>
> http://www.euitt.upm.es/~pjlobo/fbsdvlan.old.html
>
> You'll probably have to adjust your ipfw ruleset to accommodate these
> virtual interfaces so you might want to turn off the firewall first to see
> if you can pass the traffic, then adjust your ruleset accordingly.
>
> Good luck,
>
> Dru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
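
The guess in the message above, that a filter may treat an 802.1Q-tagged frame as "not IP", illustrated as an added example (not part of the original thread, and not FreeBSD's ipfw or bridge code): a check that reads only the EtherType at offset 12 sees 0x8100 on a tagged frame, while a tag-aware parse finds the IP EtherType four bytes later. The function names and the two sample frame headers (VLAN 10, as in the message) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q tag protocol identifier */

struct frame_info {
    int      tagged;     /* 1 if an 802.1Q tag is present */
    uint16_t vlan_id;    /* 12-bit VLAN ID, valid when tagged */
    uint16_t ethertype;  /* EtherType of the payload after any tag */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Naive classifier: looks only at the EtherType field at offset 12. */
int naive_is_ip(const uint8_t *f, size_t len) {
    return len >= 14 && be16(f + 12) == ETHERTYPE_IP;
}

/* Tag-aware parse: returns 0 on success, -1 if the header is truncated. */
int parse_frame(const uint8_t *f, size_t len, struct frame_info *out) {
    if (len < 14) return -1;
    out->tagged = 0;
    out->vlan_id = 0;
    out->ethertype = be16(f + 12);
    if (out->ethertype == ETHERTYPE_VLAN) {
        if (len < 18) return -1;          /* tag adds 4 bytes to the header */
        out->tagged = 1;
        out->vlan_id = be16(f + 14) & 0x0FFF;
        out->ethertype = be16(f + 16);    /* real payload type sits after the tag */
    }
    return 0;
}

/* Constructed sample headers: dst MAC, src MAC, then type fields. */
const uint8_t untagged[14] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00 };
const uint8_t tagged_vlan10[18] = { 2,0,0,0,0,1, 2,0,0,0,0,2,
                                    0x81,0x00, 0x00,0x0A, 0x08,0x00 };

int main(void) {
    struct frame_info fi;
    printf("untagged: naive_is_ip=%d\n", naive_is_ip(untagged, sizeof untagged));
    printf("tagged:   naive_is_ip=%d\n", naive_is_ip(tagged_vlan10, sizeof tagged_vlan10));
    if (parse_frame(tagged_vlan10, sizeof tagged_vlan10, &fi) == 0)
        printf("tagged:   vlan=%u inner ethertype=0x%04x\n",
               (unsigned)fi.vlan_id, (unsigned)fi.ethertype);
    return 0;
}
```

A filter built on the naive check would never apply its IP rules to the VLAN 10 frame, which matches the symptom described in the message; whether ipfw on the bridge actually behaves this way is the poster's guess, not something the thread confirms.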