Date:      Fri, 04 May 2007 17:16:13 +0500
From:      Sarkhan Elkhanzade <elxanzade@mail.ru>
To:        Nicolargo <hennion@alcasat.net>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: IPFW + Bridge + Routing
Message-ID:  <1178280974.4148.2.camel@debian.azercell.com>
In-Reply-To: <10303574.post@talk.nabble.com>
References:  <10303574.post@talk.nabble.com>

On Thu, 2007-05-03 at 05:11 -0700, Nicolargo wrote:
> Hi all,
> 
> here is my configuration:
> 
>         PC3
>          |
>          |
>        FW
>       /    \
>      /      \
> PC1       PC2
> 
> FW: FreeBSD 6.2
> Interface PC1 and PC2: bridged (172.18.0.254)
> Interface PC3: Routed (172.16.1.2)
> PC1: 172.18.0.1
> PC2: 172.18.0.2
> PC3: 172.16.1.1 
> 
> Ipfw:
> ipfw add 1 allow ip from any to any MAC any any
> ipfw add 2 allow ip from any to any
> 
> Bridge:
> net.link.ether.bridge_cfg: 
> net.link.ether.bridge_ipfw: 0
> net.link.ether.bridge_ipf: 0
> net.link.ether.bridge.config: 
> net.link.ether.bridge.enable: 1
> net.link.ether.bridge.predict: 1250
> net.link.ether.bridge.dropped: 0
> net.link.ether.bridge.packets: 1294
> net.link.ether.bridge.ipfw_collisions: 0
> net.link.ether.bridge.ipfw_drop: 0
> net.link.ether.bridge.copy: 0
> net.link.ether.bridge.ipfw: 0
> net.link.ether.bridge.ipf: 0
> net.link.ether.bridge.debug: 0
> net.link.ether.bridge.version: 031224
> net.link.bridge.ipfw: 1
> net.link.bridge.pfil_member: 1
> net.link.bridge.pfil_bridge: 1
> net.link.bridge.ipfw_arp: 0
> net.link.bridge.pfil_onlyip: 1
> 
> rc.conf:
> cloned_interfaces="bridge0"
> ifconfig_bridge0="addm bge0 addm em0 up"
> ifconfig_bge0="inet 172.18.0.254 netmask 255.255.255.0"
> ifconfig_em0="up"
> ifconfig_em2="inet 172.16.1.2 netmask 255.255.255.0"
> firewall_enable="YES"
> firewall_script="/etc/ipfw.rules"
> 
> The problem is the following:
> PING PC1 -> PC2 : OK
> PING PC2 -> PC1: OK
> PING FW -> ANY: OK
> PING PC1 -> PC3: NOK
> PING PC2 -> PC3: NOK
> PING PC3 -> ANY: NOK
> 
> During a PING between PC1 and PC3, a tcpdump on the em2 interface shows:
> 14:10:43.564010 IP 172.18.0.1 > 172.16.1.1: ICMP echo request, id 34831, seq
> 7993, length 64
> 14:10:43.564687 IP 172.16.1.1 > 172.18.0.1: ICMP echo reply, id 34831, seq
> 7993, length 64
> 
> but the reply packet is lost in the firewall and never redirected to the
> bridge0 interface...
> Any idea?
> 
> Nicolas
> 
Post here "#route print" on FW, PC3, PC1



