From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 17 11:18:17 2005
Date: Sat, 17 Sep 2005 13:18:17 +0200
From: Jeremie Le Hen
To: vladone
Cc: freebsd-ipfw@freebsd.org
Subject: Re: in via or in recv
Message-ID: <20050917111817.GG51142@obiwan.tataz.chchile.org>
In-Reply-To: <1352090989.20050917130747@spaingsm.com>

> U speak in this explanation about "outgoing path" or "incoming path".
> How I can find when I have a situation or another?
> U say: "If the packet is on the outgoing path ....", so need to know
> when the packet is on "outgoing path" or "incoming path". How know
> that?

The incoming path is when the packet just entered the network stack,
after being received on the network adapter; at this time, it has not
been routed yet. Conversely, the outgoing path is when the packet has
been routed by the network stack, just before giving it to the network
adapter.

Let's do some ASCII art:

           +-------------+
           | FreeBSD box |
       +---------------------+
       |                     |
       |       Network       |
       |        stack        |
       |                     |
       |                     |
       |      [ROUTING]      |
       |         | |         |
      fxp0       ^ v       sis0
...->---#---->---+ +-->-----#---->-...
       |                     |
       |incoming     outgoing|
       |  path         path  |
       +---------------------+

% ipfw add allow ip from any to any recv fxp0 xmit sis0

This rule will apply on the outgoing path (because of "xmit") and will
let through all packets that arrived on fxp0 and then leave through
sis0. If you have a third interface, let's say em0, then packets
leaving through sis0 but that have come through the latter won't match
this rule.

I hope this helps you to understand. I will make my webpage more
precise on this.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
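
The two passes described above, modelled in Python as an added example; it is not part of the original message and is not ipfw code. The Pass tuple, the dict form of a rule and the function names are assumptions of the example, and the "via" handling follows ipfw(8) rather than this message.

```python
from collections import namedtuple

# One pass of a packet through the firewall: the direction, plus the
# interfaces that are known at that point (hypothetical model type).
Pass = namedtuple("Pass", "direction recv_if xmit_if")

def passes(recv_if, xmit_if):
    """Passes made by one packet. None = no such interface
    (locally generated packet, or packet delivered to the box itself)."""
    out = []
    if recv_if is not None:      # incoming path: received, not routed yet
        out.append(Pass("in", recv_if, None))
    if xmit_if is not None:      # outgoing path: routing has picked xmit_if
        out.append(Pass("out", recv_if, xmit_if))
    return out

def matches(rule, p):
    """rule is a dict with optional keys: direction, recv, xmit, via."""
    if "direction" in rule and rule["direction"] != p.direction:
        return False
    if "recv" in rule and rule["recv"] != p.recv_if:
        return False
    # xmit_if is still unknown (None) on the incoming path, so a rule
    # using xmit can only ever match on the outgoing path.
    if "xmit" in rule and rule["xmit"] != p.xmit_if:
        return False
    if "via" in rule:
        # via checks the interface of the current direction.
        current = p.recv_if if p.direction == "in" else p.xmit_if
        if rule["via"] != current:
            return False
    return True

def matching_paths(rule, recv_if, xmit_if):
    """Directions ("in"/"out") on which the rule matches this packet."""
    return [p.direction for p in passes(recv_if, xmit_if) if matches(rule, p)]

# The rule from the message: allow ip from any to any recv fxp0 xmit sis0
RULE = {"recv": "fxp0", "xmit": "sis0"}

if __name__ == "__main__":
    # Constructed sample flows: forwarded fxp0->sis0, forwarded em0->sis0,
    # and a packet received on fxp0 for the box itself.
    for recv_if, xmit_if in [("fxp0", "sis0"), ("em0", "sis0"), ("fxp0", None)]:
        print(recv_if, "->", xmit_if, matching_paths(RULE, recv_if, xmit_if))
```

A rule with only "recv fxp0" matches the forwarded packet on both paths, which is why a direction or "xmit" is needed to pin a rule to a single pass.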