Date: Tue, 17 Aug 2004 13:01:14 -0700 (PDT)
From: Kelly Yancey
To: Patrick Tracanelli
cc: ipfw@freebsd.org
Subject: Re: FWD under bridged enviroment...
In-Reply-To: <4120DA69.8080609@freebsdbrasil.com.br>
Message-ID: <20040817125600.I2020@gateway.posi.net>

On Mon, 16 Aug 2004, Patrick Tracanelli wrote:

>
> Should the fwd action work with the code revision available today under
> 5_2 branch (5.2.1-RELEASE-p8)?
>
> The environment is xl0 and xl1 bridged in the same cluster, and xl2
> available only to host registered IP and be available online. The fwd
> action forwards to the same machine...
>
> bridged firewalling is enabled, the interesting thing is that the fwd
> rule counts packets and bytes as usual, but the forwarded port gets no
> action.. (i.e., no connection is logged);
>
> other behaviour is that if I get only the fwd rule that forwards to
> somewhere not available, usually the traffic gets stopped (obviously,
> since they are forwarded to somewhere and get nothing there) but under
> this bridged setup the traffic still flows, as if there were no fwd
> rule (but it is still counting packets)...
>
> any clue? :)
>
> I remember code was available to allow fwd under bridged environment, I
> want to know if it was committed and is supposed to work :}
>

I believe I've mentioned having code to implement fwd for IPv4 packets
filtered from ether_input (net.link.ether.ipfw=1). Unfortunately, the
patches are against 4.10. If someone else doesn't implement it before
then, I plan on porting the functionality to 6-current (and then backport
to 5-stable) after 5.3 is released.

Kelly

--
Kelly Yancey -- kbyanc@{posi.net,FreeBSD.org} -- kelly@nttmcl.com