Date:      Wed, 2 Nov 2005 16:46:30 -0500
From:      Router Guy <routester@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   Possible repost, new subscriber - IPFW+FWD
Message-ID:  <f29189c80511021346la19e43el320649fa4424cb5d@mail.gmail.com>

I've searched the archive, and read the man page...possible that I've missed
something.


ipfw rules...
<omitted .. >
00700 0 0 allow ip from 172.16.200.2 to 172.16.200.2
00800 9 756 fwd 172.16.200.1 ip from 172.16.200.2 to any
00900 0 0 allow ip from any to 172.16.200.2 via vlan3
<omitted .. >

vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.200.2 netmask 0xffffff00 broadcast 172.16.200.255
ether 00:b0:d0:49:00:bd
media: Ethernet autoselect (100baseTX)
status: active
vlan: 3 parent interface: fxp0


Kern options

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT
options IPFIREWALL_FORWARD

5.4-RELEASE-p8

As you can see from the ipfw output, the fwd rules match - but the packets
are still forwarded out the primary interface following the default route
(verified via tcpdump). The fwd <ip> is reachable from the host, and is a
router that knows what to do with the packets....


