Date:      Sun, 25 Nov 2001 10:21:14 +0100
From:      Joost Bekkers <joost@bps.jodocus.org>
To:        Chuck Root <puga@mauibuilt.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW/VLAN
Message-ID:  <20011125102114.A2493@bps.jodocus.org>
In-Reply-To: <3BFF5C8C.1CC4A6FF@mauibuilt.com>; from puga@mauibuilt.com on Fri, Nov 23, 2001 at 10:38:36PM -1000
References:  <3BFF5C8C.1CC4A6FF@mauibuilt.com>

On Fri, Nov 23, 2001 at 10:38:36PM -1000, Chuck Root wrote:
> I am trying to use a FreeBSD box with 2 fxp NICs in it as a firewall
> between 2 points on an 802.1q tagged vlan trunk.
> 
> I am bridging the interfaces using the BRIDGING option in the kernel and
> I am using ipfw to filter packets.
> 
> The bridge and ipfw work fine with normal packets but the ones with
> 802.1q tags slip right on by.
> 
> Is there any way to do this?
> 
> I have tried bridging the vlans themselves with no luck.
> 

The reason why 802.1q packets don't get filtered is this:
The bridge code only sends IP packets through the firewall; all
others (802.1q, IPX, ARP, IPv6, ...) will be passed no matter what.

The reason why you can't bridge the vlan interfaces is that
bridging only works on Ethernet interfaces.

At this point there is nothing you can do about it (aside from
changing the kernel code).

-- 
greetz Joost
joost@jodocus.org
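
An added illustration of the behaviour described in the reply above; it is not part of the original message and is not FreeBSD kernel code. It assumes the IP-only test is made on the outer EtherType field, and compares that with a tag-aware check on constructed frames (all function names and sample frames are hypothetical).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q tag protocol identifier (TPID) */
#define ETH_HDR_LEN    14
#define VLAN_TAG_LEN   4

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Assumed model of an IP-only check: test the outer EtherType and nothing else. */
int naive_is_ip(const uint8_t *f, size_t len)
{
    return len >= ETH_HDR_LEN && be16(f + 12) == ETHERTYPE_IPV4;
}

/* Tag-aware check: skip one 802.1Q tag, then test the inner EtherType.
 * Returns 1 for IPv4, else 0; *vid is the VLAN ID, or -1 when untagged. */
int vlan_aware_is_ip(const uint8_t *f, size_t len, int *vid)
{
    size_t off = 12;
    *vid = -1;
    if (len < ETH_HDR_LEN) return 0;
    if (be16(f + off) == ETHERTYPE_VLAN) {
        if (len < ETH_HDR_LEN + VLAN_TAG_LEN) return 0; /* truncated tag */
        *vid = be16(f + off + 2) & 0x0FFF;  /* low 12 bits of the TCI */
        off += VLAN_TAG_LEN;
    }
    return be16(f + off) == ETHERTYPE_IPV4;
}

/* Constructed sample frames: headers only, MAC addresses zeroed. */
const uint8_t untagged[ETH_HDR_LEN] = { [12] = 0x08, [13] = 0x00 };
const uint8_t tagged[ETH_HDR_LEN + VLAN_TAG_LEN] = {
    [12] = 0x81, [13] = 0x00,  /* TPID */
    [14] = 0x00, [15] = 0x64,  /* TCI: priority 0, VLAN 100 */
    [16] = 0x08, [17] = 0x00   /* inner EtherType: IPv4 */
};

int main(void)
{
    int vid;
    int aware = vlan_aware_is_ip(tagged, sizeof tagged, &vid);
    printf("untagged: naive=%d\n", naive_is_ip(untagged, sizeof untagged));
    printf("tagged: naive=%d aware=%d vid=%d\n", naive_is_ip(tagged, sizeof tagged), aware, vid);
    return 0;
}
```

The tagged frame carries IPv4 but fails the outer-EtherType test, which is why a filter that only inspects frames classified as IP never sees it.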
