Date: Sat, 10 Oct 2015 22:27:28 +0800
From: Archy Cho <archycho@gmail.com>
To: Jim Thompson <jim@netgate.com>
Cc: net@freebsd.org, rizzo@iet.unipi.it
Subject: Re: Freebsd 10.2 amd64 netmap ipfw
Message-ID: <395800C2-6ED1-42CF-A788-64D5192DE4C0@gmail.com>
In-Reply-To: <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>
References: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com> <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>

Dear Professor Luigi

After I read the past mailing list, I got it working now,
but I have something to ask.

Quote from
http://lists.freebsd.org/pipermail/freebsd-net/2014-November/040380.html

WITHOUT kipfw you will be OUT of communication.
If you want to have communication without kipfw please configure if_bridge(4) properly.

On my testing boxes, I could communicate with bridge + kipfw,
but not without bridge, is that normal?
(I have tested: after kipfw with bridge, filtering rules could still be applied.)

And could kipfw be enabled as multithreaded for a single bridge to provide better performance?

Thank you so much.

Archy Cho

> On Oct 10, 2015, at 9:20 PM, Archy Cho <archycho@gmail.com> wrote:
>
> Dear Jim and all
>
> My map is as follows:
>
> +---------------------+          +---------------------------------+             +------------------------+
> | Cisco Router        |          | Freebsd 10.2 amd64 custom kernel|             | Linux box with         |
> | IP 10.0.85.1/30     |          | recompiled with "device netmap" |             | IP 172.16.0.1/30       |
> |                     +--------->+ ix0 = 10.0.85.2/30              | <-----------+ control the Freebsd box|
> |                     |          | ix1 = down                      |             | via ssh                |
> |                     |          | igb0 = 172.16.0.2/30            |             |                        |
> +---------------------+          +---------------------------------+             +------------------------+
>
> 1) I have recompiled the kernel with device netmap
> 2) I downloaded the next.zip, compiled it, and got the kipfw and ipfw
> 3) I connect via the Linux box, ssh 172.16.0.2
>
> Can anyone advise how I could enable netmap ipfw to filter traffic from the Cisco Router?
>
> Archy Cho
>
>> On Oct 10, 2015, at 1:14 AM, Jim Thompson <jim@netgate.com> wrote:
>>
>>
>>> On Oct 9, 2015, at 7:14 AM, Archy Cho <archycho@gmail.com> wrote:
>>>
>>> I think I must misunderstand something, could anyone send me advice?
>>> Or any documents that could help to build a NETMAP IPFW firewall box?
>>
>> See the last several paragraphs of:
>>
>> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>>
>> Note that the "telnet localhost 5566" traffic generator hack mentioned in the README doesn't work without a recompile, but you won't need it for running real traffic.
>>
>> Jim
>>
>