Date:      Sat, 18 Sep 2004 17:24:49 -0400
From:      Karim Fodil-Lemelin <kfl@xiphos.ca>
To:        net@freebsd.org
Subject:   Strange Bridge Issues
Message-ID:  <414CA7A1.7000809@xiphos.ca>

Hi,

    I have applied Luigi's patch to a FBSD 4.8 kernel to be able to use 
fwd rules in ipfw with a BRIDGE. I have to say it's a very cool feature. 
Now, there are two sides to this, one good and one that I really need to fix.

    The good side is it works in this configuration:

    CLIENT --------(fxp0) BRIDGE1 (fxp1) --------- ROUTER(S) -----------(fxp1) BRIDGE2 (fxp0) ------- SERVER

    CLIENT is on the same subnet as BRIDGE1 and SERVER is on the same 
subnet as BRIDGE2, using ipfw rules like this:

    reset tcp from any to me XXXX
    reset tcp from any to me YYYY
    fwd 127.0.0.1,XXXX tcp from any to any in via fxp0
    fwd 127.0.0.1,YYYY tcp from any to any in via fxp1

    I get all tcp traffic to be "sucked in" by the fwd rules to a proxy 
application that goes out to connect from fxp1 (fxp1 has an address for 
the proxy to bind on). It is then grabbed by another proxy on BRIDGE2 
and forwarded to another proxy on port YYYY and it connects to the 
SERVER just fine.

    There is only one route, which is default pointing to the closest 
ROUTER on both bridges.

    The previous scenario works just fine but if it gets more 
complicated, with something like this:

    CLIENT ----- ROUTER(S) -----  BRIDGE1 ----- ROUTER(S) ---- BRIDGE2 ----ROUTER(S) ---- SERVER

    Here, CLIENT is _not_ on the same subnet as BRIDGE1 and SERVER is 
_not_ on the same subnet as BRIDGE2.

    Using the same rules as above, traffic coming from CLIENT goes 
through the BRIDGE1 _without_ being "fwded"!!

    If anyone could help me figure out at least why tcp packets are going 
through without being sucked in, I would really appreciate it.
    Obviously if you know how to fix this then please let me know :).

Regards,

Karim.


