Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 Aug 1999 08:08:46 +0200 (CEST)
From:      Ludo Koren <>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw + bridging: fwd rule enacted but no effect
Message-ID:  <>
In-Reply-To:  <> (message from Norman Nie on Tue, 17 Aug 1999 16:46:15 -0700 (PDT))

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> I'm having problems with ipfw fwd + bridging.  Please help!

> My setup is:

> [A]-----[fxp0:D:fxp1]-----[C] fxp2 ---- | | [B]

> D is the box that runs ipfw + bridging.

> My rule is very simple:

> 100 fwd B log all from A to C last rule allow from any to any

> Ideally , it should redirect any packets from A to C and emit
> them out on interface fxp2 (linked to B).  And those packets
> are to be dropped dead on B.

> What happened is that logging messages indicate that rule 100
> were envoked but with no effect.  One can still ping from A to
> C.

> IPFW with no bridging (ie. machine B acting as a router) works
> fine.

> Bridging alone works fine.

> But when combining ipfw + bridging, the fwd command doesn't
> work.

> Any one has the same problem before?

> Also, I assume when doing bridging, I don't need to config the
> routing table in machine B.  Is this correct?

Several days ago I sent similar question with no answer. After looking
into the source code I realized this feature is not implemented. I
spoke about it with Luigi Rizzo who has implemented the bridging
stuff. He suggested that it's not appropriate for bridging as such. It
should be done in `higher level'. But the problem is you need
configuration as a gateway.

Basically, I was convinced to implement it, but now I am considering if
the solution is technically correct (e.g. I will not get troubles if
the load on bridge will be high).


To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>