From owner-freebsd-net@FreeBSD.ORG  Tue May 16 17:26:46 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6C48B16A96D
	for <freebsd-net@freebsd.org>; Tue, 16 May 2006 17:26:46 +0000 (UTC)
	(envelope-from cegaspar@ifi.unicamp.br)
Received: from terra.ifi.unicamp.br (terra.ifi.unicamp.br [143.106.6.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 067FA43DD2
	for <freebsd-net@freebsd.org>; Tue, 16 May 2006 17:25:36 +0000 (GMT)
	(envelope-from cegaspar@ifi.unicamp.br)
Received: from lua.ifi.unicamp.br (lua.ifi.unicamp.br [143.106.6.13])
	by terra.ifi.unicamp.br (Postfix) with ESMTP id 5B1A1264A26
	for <freebsd-net@freebsd.org>; Tue, 16 May 2006 14:24:51 -0300 (BRT)
Received: from localhost (sa.ifi.unicamp.br [143.106.6.10])
	by lua.ifi.unicamp.br (Postfix) with ESMTP id 89172679F3
	for <freebsd-net@freebsd.org>; Tue, 16 May 2006 14:25:04 -0300 (BRT)
Received: from lua.ifi.unicamp.br ([143.106.6.13])
	by localhost (sa.ifi.unicamp.br [143.106.6.10]) (amavisd-new,
	port 10024) with ESMTP id 99195-05 for <freebsd-net@freebsd.org>;
	Tue, 16 May 2006 14:25:24 -0300 (BRT)
Received: from [143.106.72.17] (gefion.ifi.unicamp.br [143.106.72.17])
	by lua.ifi.unicamp.br (Postfix) with ESMTP id C248A679F0
	for <freebsd-net@freebsd.org>; Tue, 16 May 2006 14:25:02 -0300 (BRT)
Message-ID: <446A0B0A.2020608@ifi.unicamp.br>
Date: Tue, 16 May 2006 14:25:30 -0300
From: Carlos E Gaspar <cegaspar@ifi.unicamp.br>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <4460FF4E.10305@ifi.unicamp.br>
	<20060509211357.GA939@heff.fud.org.nz>
In-Reply-To: <20060509211357.GA939@heff.fud.org.nz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at ifi.unicamp.br
Subject: Re: ipfw divert with layer2 (if_bridge) packets
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2006 17:26:47 -0000

Hi.
You're right, net.link.bridge.ipfw must be set to 1 to enable layer2 
filtering. Anyway, divert still doesn't work.

Thanks!
Carlos

Andrew Thompson wrote:

>On Tue, May 09, 2006 at 05:45:02PM -0300, Carlos E Gaspar wrote:
>  
>
>>Hi.
>>
>>I have the following setup:
>>
>>FreeBSD abc5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Wed Apr 26 14:58:22 
>>BRT 2006     root@abc:/usr/src/sys/alpha/compile/ABC alpha
>>
>>bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>       ether xx:xx:xx:xx:xx:xx
>>       priority 32768 hellotime 2 fwddelay 15 maxage 20
>>       member: de1 flags=3<LEARNING,DISCOVER>
>>       member: de0 flags=3<LEARNING,DISCOVER>
>>
>>de1 is my internal interface (local) and de0 the external (internet). 
>>host1 is on de1. Bridge works fine (if_bridge).
>>
>>With the following sysctl's:
>>
>>net.link.bridge.pfil_onlyip: 0
>>net.link.bridge.pfil_member: 1
>>net.link.bridge.pfil_bridge: 0
>>net.link.bridge.ipfw: 0
>>    
>>
>                  ^^^^^^^
>
>This should be 1. 
>
> net.link.bridge.ipfw   Set to 1 to enable layer2 filtering with
>                        ipfirewall(4), set to 0 to disable it.  This
>                        needs to be enabled for dummynet(4) support.
>                        When ipfw is enabled, pfil_bridge and
>                        pfil_member will be disabled so that IPFW is
>                        not run twice; these can be re-enabled if
>                        desired.
>
>
>Give that a try.
>
>cheers,
>Andrew
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>  
>