From owner-freebsd-questions@FreeBSD.ORG  Wed Dec 29 00:39:56 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ED16216A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 29 Dec 2004 00:39:56 +0000 (GMT)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 982DC43D1D
	for <freebsd-questions@freebsd.org>;
	Wed, 29 Dec 2004 00:39:56 +0000 (GMT)
	(envelope-from salsayarroz@gmail.com)
Received: by wproxy.gmail.com with SMTP id 50so37412wri
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Dec 2004 16:39:56 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
	b=IBIMKIZ6D5Eu260z97wc06OXy60VL2tRvl6TKDiHCAbupCnEhFALodN/NPpuPqncYf4gLIYPsSzndzDeoLqYCTXqEnLrvQtMZFXaoi0HauPyjsTeKa213MUUwa00m/v+w4OXlosxqNKpJUJ2WB25GywwulfQdzZTJRUbGF/CSDY=
Received: by 10.54.30.9 with SMTP id d9mr190236wrd;
        Tue, 28 Dec 2004 16:39:56 -0800 (PST)
Received: by 10.54.32.38 with HTTP; Tue, 28 Dec 2004 16:39:56 -0800 (PST)
Message-ID: <883bd410041228163927bb46c9@mail.gmail.com>
Date: Tue, 28 Dec 2004 19:39:56 -0500
From: Zijian Zhou <salsayarroz@gmail.com>
To: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: problems with ipfw2 divert
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Zijian Zhou <salsayarroz@gmail.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Dec 2004 00:39:57 -0000

Hi:

I am trying to set up a freebsd machine as a bridge to implement a
sort of firewall at the bridging layer.

I am running:  FreeBSD 4.11-PRERELEASE i386

I have a divert socket bound to the port 8668 for outgoing traffic and
I have another divert socket bound to the port 8669 for incoming
traffic. I am using ipfw2 for diverting traffic.

has anybody experienced this problem; only one side of the traffic
gets diverted and the other side is never touched? if so, has anyone
fixed this problems?

here is my simple ipfw2 rule set:

rp6# ipfw show
00100   8458   2774224 divert 8668 udp from any 68 to any dst-port 67 recv dc0
00101      0         0 divert 8669 udp from any 67 to any dst-port 68 recv dc1
65535 502777 113629564 allow ip from any to any

these are some of my kernel variables for bridging.
rp6# sysctl -a |grep bridg
net.link.ether.bridge_cfg: dc0,dc1
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge_ipf: 0
net.link.ether.bridge_ipfw_drop: 0
net.link.ether.bridge_ipfw_collisions: 0


thank you