Date: Fri, 11 Oct 2002 12:26:50 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Dave Dolson <ddolson@sandvine.com> Cc: "'freebsd-ipfw@freebsd.org'" <freebsd-ipfw@FreeBSD.ORG> Subject: Re: Problem diverting bridged packets Message-ID: <20021011122650.B76519@carp.icir.org> In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337A6BA50@mail.sandvine.com>; from ddolson@sandvine.com on Fri, Oct 11, 2002 at 12:45:35PM -0400 References: <FE045D4D9F7AED4CBFF1B3B813C85337A6BA50@mail.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 11, 2002 at 12:45:35PM -0400, Dave Dolson wrote: > Is anyone aware of an ipfw1 issue with diverting packets from the bridge? > > I'm finding that a rule like the following will cause the packets to be > dropped and not diverted. > # ipfw add 400 accept icmp from 1.1.1.10 to 1.1.1.4 bridge i suppose there are two typos here ? "bridge" is not a valid option, "bridged" is; "accept" has nothing to do with "divert". But if you read the manpage, you should see that divert actions are not supported on bridged packets. cheers luigi > (Addresses 1.1.1.10 and 1.1.1.4 are on opposite sides of the local machine.) > > I'm running -stable 4.6 code, but not quite the latest, so sorry if this is > old news. > 4.6-RELEASE FreeBSD 4.6-RELEASE #7 > > I know that my divert client is working properly because it properly reads > and re-inserts packets for non-divert rules involving packets for the local > host (not bridged). > E.g., this works fine (1.1.1.1 is the local host) > divert 9001 icmp from 1.1.1.10 to 1.1.1.1 > > Thanks, > > David Dolson > Senior Software Engineer > Sandvine Incorporated. > Tel: 519-880-2400 x2737 > www.sandvine.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021011122650.B76519>