Date: Thu, 26 Sep 2002 18:33:18 +0200
Subject: Forwarding selected broadcasts with ipfw
To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Cc: dominik.brettnacher@zimmer-medienhaus.de
From: "David Zimmer"

Hello,

we are using ipfw on FreeBSD 4.7 PRERELEASE as our main firewall. The box has 5 ethernet segments connected to it that serve

- DMZ
- DMZ Cisco CallManager
- private LAN, Workstations
- private LAN, Cisco IP Phones
- public LAN, Internet

Due to a new application that we are introducing, we need to forward broadcasts from the private LAN, Workstations into the DMZ. This is necessary for the clients to autoconnect to the server.

I thought the forward action in the ipfw rule body could do this, but I cannot get it to work. Here is what I did:

1. I introduced a rule that should forward the packets. This rule looks like

     fwd 212.88.130.135 udp from any to 255.255.255.255 19813

2. The incoming packets match this rule according to the output of ipfw show.

3. The forwarded packet never gets out onto any interface though, according to tcpdump.

My questions now are:

a) What happens to the disappearing packets?
b) Is there a way to debug what happens to the packet after the above rule (#1) matches?
c) What other configuration might solve our problem?

Before we installed ipfw we just had a Cisco 3640 with several VLANs and appropriate access lists. Cisco offers the option of a so-called "ip helper address" to forward selected broadcasts.

Thanks for any help,

David Zimmer

================================================================
David A. Zimmer
Zimmer Medienhaus AG
mailto: dz@zimmer-medienhaus.de
http://www.zimmer-medienhaus.de
Trierer Strasse 223-225
66663 Merzig, Germany
Phone: +49 6861 9312-0
Fax: +49 6861 9312-13
-- all kind of spam to this email address forbidden/keine Werbemails --
================================================================