Date: Tue, 21 Apr 2009 15:22:54 +0100
From: Howard Jones <howie@thingy.com>
To: freebsd-questions@freebsd.org
Subject: IPFW/Dummynet/Bridging with VLAN trunks?
Message-ID: <49EDD6BE.1010404@thingy.com>

I'm trying to use Dummynet+IPFW and bridging to make a packet shaper that runs across multiple VLANs. So my intended setup is:

[users]->[Aggregate Switch]=>[FreeBSD]=>[Upstream Switch (with IP interfaces for each vlan)]->The World

where -> is a single VLAN, and => is a tagged dot1q trunk. The aim is to drop the FreeBSD box in the middle, in one trunked uplink, and cover all the VLANs downstream of that.

Should this work? In practice, the bridging seems to work OK, but as soon as I add rules to match traffic passing through and apply it to pipes, everything stops. I can use tcpdump's vlan option to filter traffic on em0, em1 or bridge0 and it does show only traffic for that vlan, so tags are being preserved...

Ideally, I'd like to use the dot1q tag in ipfw rules directly, and avoid IP ranges, but I don't think that's possible. Is there some special incantation to make ipfw vlan-aware? Has anyone else done this successfully?

Best Regards,

Howie