Date:      Tue, 17 Aug 1999 23:55:17 -0700 (PDT)
From:      Julian Elischer <julian@whistle.com>
To:        Ludo Koren <ludo_koren@tempest.sk>
Cc:        norman@nttmcl.com, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw + bridging: fwd rule enacted but no effect
Message-ID:  <Pine.BSF.3.95.990817234319.11710B-100000@current1.whistle.com>
In-Reply-To: <199908180608.IAA57956@t47.tempest.sk>

I think it's possible that the question below shows a fundamental
misunderstanding of what the fwd operation does.  When the packet arrives
at B it will be forwarded by the normal code to the original
destination, C.

I think the picture below has been messed up..
I think it should be (by adding newlines and spaces)

 [A]-----[fxp0:D:fxp1]-----[C]
                 fxp2 ----
                         |
                         |
                        [B]


but I'm not sure..


On Wed, 18 Aug 1999, Ludo Koren wrote:

> 
> 
> > I'm having problems with ipfw fwd + bridging.  Please help!
> 
> > My setup is:
> 
> > [A]-----[fxp0:D:fxp1]-----[C] fxp2 ---- | | [B]
> 
> 
> 
> > D is the box that runs ipfw + bridging.
> 
> > My rule is very simple:
> 
> > 100 fwd B log all from A to C

 last rule allow from any to any

> 
> > Ideally, it should redirect any packets from A to C and emit
> > them out on interface fxp2 (linked to B).  And those packets
> > are to be dropped dead on B.

yes, but they might not be dropped, but possibly forwarded back to D
(if net.inet.ip.forward is true) (or whatever it is..)

> 
> > What happened is that logging messages indicate that rule 100
> > was invoked but with no effect.  One can still ping from A to
> > C.


> 
> 
> > IPFW with no bridging (ie. machine B acting as a router) works
> > fine.
> 
> > Bridging alone works fine.
> 
> > But when combining ipfw + bridging, the fwd command doesn't
> > work.

hmmm tricky.
I'm not very sure about bridging.. I haven't looked at it.

> 
> > Has anyone had the same problem before?
> 
> > Also, I assume when doing bridging, I don't need to config the
> > routing table in machine B.  Is this correct?
> 
> Several days ago I sent similar question with no answer. After looking
> into the source code I realized this feature is not implemented. I
> spoke about it with Luigi Rizzo who has implemented the bridging
> stuff. He suggested that it's not appropriate for bridging as such. It
> should be done in `higher level'. But the problem is you need
> configuration as a gateway.
> 
> Basically, I was convinced to implement it, but now I am considering if
> the solution is technically correct (e.g. I will not get troubles if
> the load on bridge will be high).
> 
> ludo
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
> 
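
Added example, not part of the original message and not FreeBSD code: a toy Python model of the routed (non-bridged) case discussed above, showing that a fwd rule changes only the next hop, so the packet's fate at B depends on whether B forwards IP. Node names follow the thread; the topology (A, B and C each attached to router D, B's default route via D), the TTL value and the function name `trace` are assumptions.

```python
"""Toy hop-by-hop model of an ipfw-style 'fwd' rule (constructed example)."""

# Rule 100 from the thread: fwd B all from A to C, installed on D.
FWD_RULES = {("A", "C"): "B"}


def trace(src, dst, b_forwards, rules=FWD_RULES, ttl=8):
    """Follow one packet and return (hops, outcome).

    Assumed topology: A, B and C each hang off router D, and B's
    default route points back at D. ttl=8 is an arbitrary small value.
    """
    hops, node = [src], "D"            # src hands the packet to D first
    while True:
        hops.append(node)
        if node == dst:
            return hops, "delivered"
        if node == "B" and not b_forwards:
            # dst is not one of B's addresses and B is not acting as a router
            return hops, "dropped at B"
        ttl -= 1                       # each forwarding hop costs one TTL
        if ttl == 0:
            return hops, "ttl expired at " + node
        if node == "D":
            # fwd overrides the next hop only; the IP header still says dst
            node = rules.get((src, dst), dst)
        else:
            # B routes by the unchanged destination, i.e. back through D,
            # where the same rule matches again
            node = "D"


if __name__ == "__main__":
    for label, kwargs in [
        ("no fwd rule", dict(b_forwards=False, rules={})),
        ("fwd, B not forwarding", dict(b_forwards=False)),
        ("fwd, B forwarding", dict(b_forwards=True)),
    ]:
        hops, outcome = trace("A", "C", **kwargs)
        print(f"{label:24s} {' -> '.join(hops)}  [{outcome}]")
```

In this model the packet only dies quietly on B when B does not forward; with forwarding enabled it bounces between D and B until the TTL runs out, and it never reaches C either way.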


