Date:      Wed, 9 May 2007 00:37:05 -0700 (PDT)
From:      Nicolargo <hennion@alcasat.net>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: IPFW + Bridge + Routing
Message-ID:  <10389739.post@talk.nabble.com>
In-Reply-To: <1178280974.4148.2.camel@debian.azercell.com>
References:  <10303574.post@talk.nabble.com> <1178280974.4148.2.camel@debian.azercell.com>


PC1: 
Default route to 172.18.0.254

PC3: 
Default route to 172.16.1.2

Firewall: 
Default route to 172.18.0.100 (router to Internet)

Thanks for your help.


Sarkhan Elkhanzade wrote:
> 
> On Thu, 2007-05-03 at 05:11 -0700, Nicolargo wrote:
>> Hi all,
>> 
>> here is my configuration:
>> 
>>         PC3
>>          |
>>          |
>>        FW
>>       /    \
>>      /      \
>> PC1       PC2
>> 
>> FW: FreeBSD 6.2
>> Interface PC1 and PC2: bridged (172.18.0.254)
>> Interface PC3: Routed (172.16.1.2)
>> PC1: 172.18.0.1
>> PC2: 172.18.0.2
>> PC3: 172.16.1.1 
>> 
>> Ipfw:
>> ipfw add 1 allow ip from any to any MAC any any
>> ipfw add 2 allow ip from any to any
>> 
>> Bridge:
>> net.link.ether.bridge_cfg: 
>> net.link.ether.bridge_ipfw: 0
>> net.link.ether.bridge_ipf: 0
>> net.link.ether.bridge.config: 
>> net.link.ether.bridge.enable: 1
>> net.link.ether.bridge.predict: 1250
>> net.link.ether.bridge.dropped: 0
>> net.link.ether.bridge.packets: 1294
>> net.link.ether.bridge.ipfw_collisions: 0
>> net.link.ether.bridge.ipfw_drop: 0
>> net.link.ether.bridge.copy: 0
>> net.link.ether.bridge.ipfw: 0
>> net.link.ether.bridge.ipf: 0
>> net.link.ether.bridge.debug: 0
>> net.link.ether.bridge.version: 031224
>> net.link.bridge.ipfw: 1
>> net.link.bridge.pfil_member: 1
>> net.link.bridge.pfil_bridge: 1
>> net.link.bridge.ipfw_arp: 0
>> net.link.bridge.pfil_onlyip: 1
>> 
>> rc.conf:
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm bge0 addm em0 up"
>> ifconfig_bge0="inet 172.18.0.254 netmask 255.255.255.0"
>> ifconfig_em0="up"
>> ifconfig_em2="inet 172.16.1.2 netmask 255.255.255.0"
>> firewall_enable="YES"
>> firewall_script="/etc/ipfw.rules"
>> 
>> The problem is the following:
>> PING PC1 -> PC2 : OK
>> PING PC2 -> PC1: OK
>> PING FW -> ANY: OK
>> PING PC1 -> PC3: NOK
>> PING PC2 -> PC3: NOK
>> PING PC3 -> ANY: NOK
>> 
>> During a PING between PC1 and PC3, a tcpdump on the em2 interface shows:
>> 14:10:43.564010 IP 172.18.0.1 > 172.16.1.1: ICMP echo request, id 34831, seq 7993, length 64
>> 14:10:43.564687 IP 172.16.1.1 > 172.18.0.1: ICMP echo reply, id 34831, seq 7993, length 64
>> 
>> but the reply packet is lost in the firewall and never redirected to the
>> bridge0 interface...
>> Any idea ?
>> 
>> Nicolas
>> 
> Post here
> "#route print" on FW PC3 PC1
> 




