Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 2 Dec 1999 01:37:29 +0100
From:      Eric Cholet <cholet@logilune.com>
To:        Gregory Bond <gnb@itga.com.au>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw and ip aliases not working?
Message-ID:  <99120201385000.08115@antigone.logilune.com>
References:  <199912012244.JAA01083@lightning.itga.com.au>

next in thread | previous in thread | raw e-mail | index | archive | help
ifconfig output uses 202.53.40.215
ipfw output uses     203.53.40.215
                       ^

:-)
Eric

On Wed, 01 Dec 1999, Gregory Bond wrote:
> Either I'm very confused (not impossible!!) or IPFW is busted.
>=20
> I have an interface with 2 ip addresses (we are in the process of chang=
ing=20
> ISPs...)
>=20
> bash-2.03$ ifconfig fxp0
> fxp0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
>         inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
>         ether 00:90:27:4c:ea:bc=20
>         media: autoselect (10baseT/UTP) status: active
>         supported media: autoselect 100baseTX <full-duplex> 100baseTX 1=
0baseT/UTP <full-duplex> 10baseT/UTP
> bash-2.03$=20
>=20
> I have ipfw rules that are supposed to allow any arbitrary incoming & o=
utgoing
> tcp sessions to this host on either IP address:
>=20
> =0915000    13      604 allow tcp from any to 192.83.119.129 via fxp0 s=
etup
> =0915100   869    38236 allow tcp from 192.83.119.129 to any via fxp0 s=
etup
> =09
> =0915800     0        0 allow tcp from any to 203.53.40.210 via fxp0 se=
tup
> =0915900     0        0 allow tcp from 203.53.40.210 to any via fxp0 se=
tup
>=20
> =0929000     2       80 deny log tcp from any to any setup
>=20
> As you can see, this works for the 192.83 address, but does not work fo=
r the=20
> 203.53 address, and I get kernel messages like:
>=20
> =09Dec  2 09:16:06 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 2=
02.53.40.210:25 in via fxp0
> =09Dec  2 09:16:11 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 2=
02.53.40.210:25 in via fxp0
>=20
> But AFAICT this error message exactly matches rule 15800!
>=20
> [The same thing is also happening with UDP packets.]
>=20
> Any clues?
>=20
> Greg.
>=20
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
--
Eric Cholet


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99120201385000.08115>