Date: Sat, 10 Oct 2015 21:42:57 +0800 From: Archy Cho <archycho@gmail.com> To: Jim Thompson <jim@netgate.com> Cc: net@freebsd.org, rizzo@iet.unipi.it Subject: Re: Freebsd 10.2 amd64 netmap ipfw Message-ID: <32A72733-2D71-4FBA-93D3-B90BDDD4BFD3@gmail.com> In-Reply-To: <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com> References: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com> <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear All
Sorry , I would like to ask do netmap with ipfw will only work as a =
bridge ?
ie:
+-----------------------+ +---------------------------+ =
+----------------------+
| Cisco Router A | | Freebsd 10.2 amd64 | =
| Cisco Router B |
| Int Te1/1 | | ix0 connect to Cisco A | =
| Int Te1/1 |
| 10.0.85.1/30 | +-----> | Int Te1/1 | =
+------> | 10.0.85.2/30 |
| | ^-----+ | ix1 connect to Cisco B | =
^------+ | |
| | | Int Te1/1 | =
| |
+-----------------------+ +---------------------------+ =
+----------------------+
Do the kipfw with netmap should work as this diagram ?
Archy Cho
> Archy Cho <archycho@gmail.com> =A9=F3 2015=A6~10=A4=EB10=A4=E9 =
=A4U=A4=C89:20 =BCg=B9D=A1G
>=20
> Dear Jim and all
>=20
> My map as follow:
>=20
> +---------------------+ +---------------------------------+ =
+------------------------+
> | Cisco Router | | Freebsd 10.2 amd64 custom kernel| =
| Linux box with |
> | IP 10.0.85.1/30 | | recompiled with "device netmap" | =
| IP 172.16.0.1/30 |
> | | +--------->+ ix0 =3D 10.0.85.2/30 =
| <-----------+ control the Freebsd box=20
> | | | ix1 =3D down =
| | via ssh |
> | | | igb0 =3D 172.16.0.2/30 =
| | |
> +---------------------+ +---------------------------------+ =
+------------------------+
>=20
> 1) I have recompiled the kernel with device netmap
> 2) I downloaded the next.zip and compiled got the kipfw and ipfw
> 3) I connect via linux box , ssh 172.16.0.2
>=20
> Do anyone advise , how could I enable netmap ipfw to filter traffic =
from Cisco Router ?
>=20
> Archy Cho
>=20
>> Jim Thompson <jim@netgate.com <mailto:jim@netgate.com>> =A9=F3 =
2015=A6~10=A4=EB10=A4=E9 =A4W=A4=C81:14 =BCg=B9D=A1G
>>=20
>>=20
>>> On Oct 9, 2015, at 7:14 AM, Archy Cho <archycho@gmail.com =
<mailto:archycho@gmail.com>> wrote:
>>>=20
>>> I think I must misunderstand something , could anyone send me =
advise?
>>> Or any documents could help to build a NETMAP IPFW firewall box ?
>>=20
>> See the last several paragraphs of:=20
>>=20
>> https://github.com/luigirizzo/netmap-ipfw/blob/next/README =
<https://github.com/luigirizzo/netmap-ipfw/blob/next/README>;
>>=20
>> Note that the "telnet localhost 5566" traffic generator hack =
mentioned in the README doesn't work without a recompile, but you won't =
need it for running real traffic.
>>=20
>> Jim
>>=20
>=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32A72733-2D71-4FBA-93D3-B90BDDD4BFD3>