From: Nolan Orwan
Date: Fri, 28 Nov 2003 09:09:20 -0700
To: freebsd-ipfw@freebsd.org
Subject: Re: bridge problem II
In-Reply-To: <20031128102120.GB34837@toudi.cisovanet.pl>

I also have a bridge/firewall problem that I can't figure out. My bridge/firewall box has two interface cards (NICs), one facing in and the other facing out. The inside NIC has an IP address of 10.1.1.10 and the outside one does not. Bridging works fine as between the inside subnet and the outside, meaning that boxes on the inside can communicate through the bridge to the outside and also communicate with the bridge/firewall box via its inside NIC. The problem is I can't figure out what ipfw rule or rules will allow the inside NIC to send and receive traffic to the outside.
Can this even be done?

Tim

P.S. I'm using the generic 4.8 kernel with its standard ipfw, dummynet, and bridge kernel modules.