From: Julian Elischer
To: Ludo Koren
Cc: norman@nttmcl.com, freebsd-ipfw@FreeBSD.ORG
Date: Tue, 17 Aug 1999 23:55:17 -0700 (PDT)
Subject: Re: ipfw + bridging: fwd rule enacted but no effect
In-Reply-To: <199908180608.IAA57956@t47.tempest.sk>

I think it's possible that the question below shows a fundamental
misunderstanding of what the fwd operation does..

When the packet arrives at B it will be forwarded by the normal code to
the original destination,.. C

I think the picture below has been messed up.. I think it should be
(by adding newlines and spaces)

[A]-----[fxp0:D:fxp1]-----[C]
            fxp2
            ----
              |
              |
             [B]

but I'm not sure..

On Wed, 18 Aug 1999, Ludo Koren wrote:

> > I'm having problems with ipfw fwd + bridging. Please help!
> >
> > My setup is:
> >
> > [A]-----[fxp0:D:fxp1]-----[C] fxp2 ---- | | [B]
> >
> > D is the box that runs ipfw + bridging.
> >
> > My rule is very simple:
> >
> > 100 fwd B log all from A to C
> > last rule allow from any to any
> >
> > Ideally, it should redirect any packets from A to C and emit
> > them out on interface fxp2 (linked to B). And those packets
> > are to be dropped dead on B.

yes, but they might not be dropped, but possibly forwarded back to D
(if net.inet.ip.forward is true) (or whatever it is..)

> > What happened is that logging messages indicate that rule 100
> > was invoked but with no effect. One can still ping from A to
> > C.
> >
> > IPFW with no bridging (ie. machine B acting as a router) works
> > fine.
> >
> > Bridging alone works fine.
> >
> > But when combining ipfw + bridging, the fwd command doesn't
> > work.

hmmm tricky. I'm not very sure about bridging.. I haven't looked at it.

> > Anyone has the same problem before?
> >
> > Also, I assume when doing bridging, I don't need to config the
> > routing table in machine B. Is this correct?
>
> Several days ago I sent similar question with no answer. After looking
> into the source code I realized this feature is not implemented. I
> spoke about it with Luigi Rizzo who has implemented the bridging
> stuff. He suggested that it's not appropriate for bridging as such. It
> should be done in `higher level'. But the problem is you need
> configuration as a gateway.
>
> Basically, I was convinced to implement it, but now I am considering if
> the solution is technically correct (e.g. I will not get troubles if
> the load on bridge will be high).
>
> ludo

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
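
An added illustration, not part of the original message and not FreeBSD code: a small Python model of the behaviour discussed in the thread, where a fwd-style rule overrides only the next hop and never rewrites the destination address. Host names follow the thread's diagram; `Packet`, `Host`, `trace`, `build` and the `bridging` flag that bypasses the override (as Ludo reports from reading the source) are assumptions of this model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str  # a fwd-style rule never rewrites this field

@dataclass
class Host:
    name: str
    ip_forwarding: bool = False  # stands in for the IP forwarding sysctl
    bridging: bool = False       # True: frames are bridged, fwd override is ignored
    routes: dict = field(default_factory=dict)     # dst -> next hop
    fwd_rules: dict = field(default_factory=dict)  # (src, dst) -> next hop override

    def next_hop(self, pkt):
        """Return the next host name, or 'LOCAL' / 'DROP'."""
        if pkt.dst == self.name:
            return "LOCAL"
        if self.bridging:
            return self.routes.get(pkt.dst, "DROP")
        if not self.ip_forwarding:
            return "DROP"  # a non-forwarding host discards traffic for others
        return self.fwd_rules.get((pkt.src, pkt.dst)) or self.routes.get(pkt.dst, "DROP")

def trace(hosts, first_hop, pkt, hop_limit=6):
    """Walk the packet through the hosts and return the list of hops taken."""
    path, hop = [], first_hop
    for _ in range(hop_limit):
        path.append(hop)
        nxt = hosts[hop].next_hop(pkt)
        if nxt in ("LOCAL", "DROP"):
            return path + [nxt]
        hop = nxt
    return path + ["HOP_LIMIT"]

def build(d_bridging, b_forwarding):
    """Constructed topology from the thread: A and C on D, B behind D's fxp2."""
    return {
        "D": Host("D", ip_forwarding=True, bridging=d_bridging,
                  routes={"A": "A", "B": "B", "C": "C"},
                  fwd_rules={("A", "C"): "B"}),
        "B": Host("B", ip_forwarding=b_forwarding, routes={"A": "D", "C": "D"}),
        "C": Host("C"),
    }

PKT = Packet("A", "C")  # constructed sample packet: from A, addressed to C
```

In this model the packet is dropped at B only when B does not forward; with forwarding enabled on B it goes back to D because its destination is still C, and with D bridging it reaches C directly.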