From owner-freebsd-ipfw Tue May 7 15:39:19 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from nexgen.nxginfosys.com (w162.z064002076.nyc-ny.dsl.cnc.net [64.2.76.162]) by hub.freebsd.org (Postfix) with ESMTP id 356CB37B486; Tue, 7 May 2002 15:39:10 -0700 (PDT) Received: from QRJATYDI (lsanca1-ar8-192-008.lsanca1.dsl-verizon.net [4.35.192.8]) by nexgen.nxginfosys.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id KFAJ3S7A; Tue, 7 May 2002 18:50:37 -0400 From: HGH@FreeBSD.ORG To: User@FreeBSD.ORG Subject: -=Human Growth Hormone=- X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: The Bat! (v1.60) Personal Date: Wed, 8 May 2002 5:30:45 +0500 Mime-Version: 1.0 Content-Type: text/plain; charset="KOI8-R" Message-Id: <20020507223910.356CB37B486@hub.freebsd.org> Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Human Growth Hormone (HGH), also called Somatrotropin, is produced in the anterior of the pituitary gland deep inside the brain, where it is one of the most abundant hormones secreted. HGH influences the growth of cells, bones, muscles and organs throughout the body. http://dental.4greatdeal.com/hgh5/ Click below to enter our web site: http://dental.4greatdeal.com/hgh5/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 9 19:17: 8 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mailgw3a.lmco.com (mailgw3a.lmco.com [192.35.35.7]) by hub.freebsd.org (Postfix) with ESMTP id 9518B37B407 for ; Thu, 9 May 2002 19:17:04 -0700 (PDT) Received: from emss01g01.ems.lmco.com ([129.197.181.54]) by mailgw3a.lmco.com (8.11.6/8.11.6) with ESMTP id g4A2H3S02325 for ; Thu, 9 May 2002 22:17:03 -0400 (EDT) Received: from CONVERSION-DAEMON by lmco.com (PMDF V5.2-33 #38886) id <0GVV00I01ICE2W@lmco.com> for freebsd-ipfw@freebsd.org; Thu, 9 May 2002 19:17:02 -0700 (PDT) Received: from lmco.com ([129.197.20.43]) by lmco.com (PMDF V5.2-33 #38886) with ESMTP id <0GVV00IGCICAIL@lmco.com> for freebsd-ipfw@freebsd.org; Thu, 09 May 2002 19:16:58 -0700 (PDT) Date: Thu, 09 May 2002 19:14:06 -0700 From: rick norman Subject: ipfw and aliases To: freebsd-ipfw@freebsd.org Message-id: <3CDB2CED.DCC3092F@lmco.com> MIME-version: 1.0 X-Mailer: Mozilla 4.79 [en] (WinNT; U) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT X-Accept-Language: en Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Is it possible to write a firewall rule for a router with one interface with multiple aliased ip addresses that will grab pkts based on the IP_alias they are routed in or out on, rather than the src or des address of the pkt. It looks as tho the 'via' qualifier lumps all the aliases for an interface together. I would like to grab pkts, not based on the src and des contained in the packet, but rather based on which IP_alias it is going to be sent out on. Thanks for any insight, Rick Norman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri May 10 3:16:36 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from tchpc01.tcd.ie (tchpc01.tcd.ie [134.226.10.78]) by hub.freebsd.org (Postfix) with ESMTP id D952337B403 for ; Fri, 10 May 2002 03:16:28 -0700 (PDT) Received: from flipflop.tchpc.tcd.ie (hpc02.iss.tcd.ie [134.226.10.45]) by tchpc01.tcd.ie (Postfix) with ESMTP id 2938D355D; Fri, 10 May 2002 11:17:49 +0100 (IST) Received: by flipflop.tchpc.tcd.ie (Postfix, from userid 1001) id 8CD2256ED; Fri, 10 May 2002 11:15:32 +0100 (IST) Date: Fri, 10 May 2002 11:15:32 +0100 From: Robert bobb Crosbie To: rick norman Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw and aliases Message-ID: <20020510111532.A33197@flipflop.tchpc.tcd.ie> References: <3CDB2CED.DCC3092F@lmco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CDB2CED.DCC3092F@lmco.com>; from rick.norman@lmco.com on Thu, May 09, 2002 at 07:14:06PM -0700 Organization: bobb Industries Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rick norman hath declared on Thursday the 09 day of May 2002 :-: > Is it possible to write a firewall rule for a router with one interface > with multiple aliased ip > addresses that will grab pkts based on the IP_alias they are routed in > or out on, rather than the src or des address of the pkt. It looks as > tho the 'via' qualifier lumps all the aliases for an interface > together. I would like to grab pkts, not based on the src and des > contained in the packet, but rather based on which IP_alias it is going > to be sent out on. You can use via with an IP address or interface. - bobb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri May 10 9:31: 2 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mailgw3a.lmco.com (mailgw3a.lmco.com [192.35.35.7]) by hub.freebsd.org (Postfix) with ESMTP id 69F8737B400 for ; Fri, 10 May 2002 09:30:57 -0700 (PDT) Received: from emss01g01.ems.lmco.com ([129.197.181.54]) by mailgw3a.lmco.com (8.11.6/8.11.6) with ESMTP id g4AGUuS27473 for ; Fri, 10 May 2002 12:30:56 -0400 (EDT) Received: from CONVERSION-DAEMON by lmco.com (PMDF V5.2-33 #38886) id <0GVW00H01LVJE0@lmco.com> for freebsd-ipfw@freebsd.org; Fri, 10 May 2002 09:30:55 -0700 (PDT) Received: from lmco.com ([129.197.20.43]) by lmco.com (PMDF V5.2-33 #38886) with ESMTP id <0GVW00OJ4LVF8B@lmco.com> for freebsd-ipfw@freebsd.org; Fri, 10 May 2002 09:30:51 -0700 (PDT) Date: Fri, 10 May 2002 09:28:04 -0700 From: rick norman Subject: [Fwd: ipfw and aliases] To: freebsd-ipfw@freebsd.org Message-id: <3CDBF514.EBADB9E2@lmco.com> MIME-version: 1.0 X-Mailer: Mozilla 4.79 [en] (WinNT; U) Content-type: multipart/mixed; boundary="Boundary_(ID_omZN7cLyAGRu7Cvsdr3oSQ)" X-Accept-Language: en Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --Boundary_(ID_omZN7cLyAGRu7Cvsdr3oSQ) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT --Boundary_(ID_omZN7cLyAGRu7Cvsdr3oSQ) Content-type: message/rfc822 Date: Fri, 10 May 2002 09:27:05 -0700 From: rick norman Subject: Re: ipfw and aliases To: Robert bobb Crosbie Message-id: <3CDBF4D9.BE5AA279@lmco.com> MIME-version: 1.0 X-Mailer: Mozilla 4.79 [en] (WinNT; U) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT X-Mozilla-Status2: 00000000 X-Accept-Language: en References: <3CDB2CED.DCC3092F@lmco.com> <20020510111532.A33197@flipflop.tchpc.tcd.ie> I tried that but via with an ip addr catches all the aliases going out the interface, not just the requested one. Any other ideas ? Rick Robert bobb Crosbie wrote: > rick norman hath declared on Thursday the 09 day of May 2002 :-: > > Is it possible to write a firewall rule for a router with one interface > > with multiple aliased ip > > addresses that will grab pkts based on the IP_alias they are routed in > > or out on, rather than the src or des address of the pkt. It looks as > > tho the 'via' qualifier lumps all the aliases for an interface > > together. I would like to grab pkts, not based on the src and des > > contained in the packet, but rather based on which IP_alias it is going > > to be sent out on. > > You can use via with an IP address or interface. > > - bobb --Boundary_(ID_omZN7cLyAGRu7Cvsdr3oSQ)-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri May 10 9:44:14 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from kyoto.newnet.co.uk (kyoto.newnet.co.uk [212.87.87.16]) by hub.freebsd.org (Postfix) with ESMTP id 6231237B417 for ; Fri, 10 May 2002 09:44:09 -0700 (PDT) Received: from newnet.co.uk (peter.port [212.87.87.37]) by kyoto.newnet.co.uk (8.11.6/8.11.6) with ESMTP id g4AGhs846930; Fri, 10 May 2002 17:43:55 +0100 (BST) (envelope-from peter@newnet.co.uk) Message-ID: <3CDBF8BB.3DF5F820@newnet.co.uk> Date: Fri, 10 May 2002 17:43:39 +0100 From: Peter Coates Organization: NewNet plc - Fast Access Internet - Support Team X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: rick norman Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: [Fwd: ipfw and aliases] References: <3CDBF514.EBADB9E2@lmco.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, A solution that should work would be to set the IP's up on seperate VLANs. Then they would appear as different interfaces instead of IP's "glued" on to one interface. I would suggest 4.5 for VLANs too. Regards, Peter rick norman wrote: > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > Subject: Re: ipfw and aliases > Date: Fri, 10 May 2002 09:27:05 -0700 > From: rick norman > To: Robert bobb Crosbie > References: <3CDB2CED.DCC3092F@lmco.com> > <20020510111532.A33197@flipflop.tchpc.tcd.ie> > > I tried that but via with an ip addr catches all the aliases going out the > interface, not just the requested one. > Any other ideas ? > Rick > > Robert bobb Crosbie wrote: > > > rick norman hath declared on Thursday the 09 day of May 2002 :-: > > > Is it possible to write a firewall rule for a router with one interface > > > with multiple aliased ip > > > addresses that will grab pkts based on the IP_alias they are routed in > > > or out on, rather than the src or des address of the pkt. It looks as > > > tho the 'via' qualifier lumps all the aliases for an interface > > > together. I would like to grab pkts, not based on the src and des > > > contained in the packet, but rather based on which IP_alias it is going > > > to be sent out on. > > > > You can use via with an IP address or interface. > > > > - bobb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri May 10 10: 9:24 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mailgw3a.lmco.com (mailgw3a.lmco.com [192.35.35.7]) by hub.freebsd.org (Postfix) with ESMTP id 2F4E537B40F for ; Fri, 10 May 2002 10:09:20 -0700 (PDT) Received: from emss01g01.ems.lmco.com ([129.197.181.54]) by mailgw3a.lmco.com (8.11.6/8.11.6) with ESMTP id g4AH9IS06169; Fri, 10 May 2002 13:09:18 -0400 (EDT) Received: from CONVERSION-DAEMON by lmco.com (PMDF V5.2-33 #38886) id <0GVW00L01NNHZB@lmco.com>; Fri, 10 May 2002 10:09:17 -0700 (PDT) Received: from lmco.com ([129.197.20.43]) by lmco.com (PMDF V5.2-33 #38886) with ESMTP id <0GVW00O8JNNDM5@lmco.com>; Fri, 10 May 2002 10:09:13 -0700 (PDT) Date: Fri, 10 May 2002 10:06:26 -0700 From: rick norman Subject: Re: [Fwd: ipfw and aliases] To: Peter Coates Cc: freebsd-ipfw@FreeBSD.ORG Message-id: <3CDBFE12.6093A35B@lmco.com> MIME-version: 1.0 X-Mailer: Mozilla 4.79 [en] (WinNT; U) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT X-Accept-Language: en References: <3CDBF514.EBADB9E2@lmco.com> <3CDBF8BB.3DF5F820@newnet.co.uk> Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'll give that a try, thanks. Peter Coates wrote: > Hi, > > A solution that should work would be to set the IP's up on seperate VLANs. > Then they would appear as different interfaces instead of IP's "glued" on > to one interface. I would suggest 4.5 for VLANs too. > > Regards, > Peter > > rick norman wrote: > > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > > > Subject: Re: ipfw and aliases > > Date: Fri, 10 May 2002 09:27:05 -0700 > > From: rick norman > > To: Robert bobb Crosbie > > References: <3CDB2CED.DCC3092F@lmco.com> > > <20020510111532.A33197@flipflop.tchpc.tcd.ie> > > > > I tried that but via with an ip addr catches all the aliases going out the > > interface, not just the requested one. > > Any other ideas ? > > Rick > > > > Robert bobb Crosbie wrote: > > > > > rick norman hath declared on Thursday the 09 day of May 2002 :-: > > > > Is it possible to write a firewall rule for a router with one interface > > > > with multiple aliased ip > > > > addresses that will grab pkts based on the IP_alias they are routed in > > > > or out on, rather than the src or des address of the pkt. It looks as > > > > tho the 'via' qualifier lumps all the aliases for an interface > > > > together. I would like to grab pkts, not based on the src and des > > > > contained in the packet, but rather based on which IP_alias it is going > > > > to be sent out on. > > > > > > You can use via with an IP address or interface. > > > > > > - bobb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sat May 11 13:46:37 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 1190337B405 for ; Sat, 11 May 2002 13:46:35 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020511204634.KQSS22408.rwcrmhc53.attbi.com@blossom.cjclark.org>; Sat, 11 May 2002 20:46:34 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4BKkXg09267; Sat, 11 May 2002 13:46:33 -0700 (PDT) (envelope-from cjc) Date: Sat, 11 May 2002 13:46:33 -0700 From: "Crist J. Clark" To: rick norman Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw and aliases Message-ID: <20020511134633.A2824@blossom.cjclark.org> References: <3CDB2CED.DCC3092F@lmco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CDB2CED.DCC3092F@lmco.com>; from rick.norman@lmco.com on Thu, May 09, 2002 at 07:14:06PM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, May 09, 2002 at 07:14:06PM -0700, rick norman wrote: > Is it possible to write a firewall rule for a router with one interface > with multiple aliased ip > addresses that will grab pkts based on the IP_alias they are routed in > or out on, rather than the src or des address of the pkt. No, there is no way to do this. The information is simply not available to the system. There is no way for it to know what IP address a remote machine might have used to pick its link-layer address for forwarding the packet. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message