From: Eric Cholet
Organization: Logilune
To: Gregory Bond
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw and ip aliases not working?
Date: Thu, 2 Dec 1999 01:37:29 +0100

ifconfig output uses 202.53.40.215
ipfw output uses 203.53.40.215
                   ^
:-)

Eric

On Wed, 01 Dec 1999, Gregory Bond wrote:
> Either I'm very confused (not impossible!!) or IPFW is busted.
>
> I have an interface with 2 ip addresses (we are in the process of changing
> ISPs...)
>
> bash-2.03$ ifconfig fxp0
> fxp0: flags=8843 mtu 1500
>         inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
>         inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
>         ether 00:90:27:4c:ea:bc
>         media: autoselect (10baseT/UTP) status: active
>         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP
> bash-2.03$
>
> I have ipfw rules that are supposed to allow any arbitrary incoming & outgoing
> tcp sessions to this host on either IP address:
>
>         15000   13   604 allow tcp from any to 192.83.119.129 via fxp0 setup
>         15100  869 38236 allow tcp from 192.83.119.129 to any via fxp0 setup
>
>         15800    0     0 allow tcp from any to 203.53.40.210 via fxp0 setup
>         15900    0     0 allow tcp from 203.53.40.210 to any via fxp0 setup
>
>         29000    2    80 deny log tcp from any to any setup
>
> As you can see, this works for the 192.83 address, but does not work for the
> 203.53 address, and I get kernel messages like:
>
>         Dec 2 09:16:06 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0
>         Dec 2 09:16:11 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0
>
> But AFAICT this error message exactly matches rule 15800!
>
> [The same thing is also happening with UDP packets.]
>
> Any clues?
>
> Greg.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

--
Eric Cholet
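
Added example, not part of the original messages: a small cross-check that compares host addresses in ipfw rules against the addresses configured on the rule's "via" interface and suggests the closest configured address, which is the mismatch pointed out in the reply above. The function names, the similarity cutoff of 0.8 and the sample input (assembled from the values quoted in the thread) are assumptions of this example; a rule that names a remote host on purpose is also reported, with no suggestion.

```python
import difflib
import re

# Constructed sample input, built from the values quoted in the thread.
IFCONFIG = """\
fxp0: flags=8843 mtu 1500
        inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
        inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
"""
IPFW_SHOW = """\
15000   13   604 allow tcp from any to 192.83.119.129 via fxp0 setup
15100  869 38236 allow tcp from 192.83.119.129 to any via fxp0 setup
15800    0     0 allow tcp from any to 203.53.40.210 via fxp0 setup
15900    0     0 allow tcp from 203.53.40.210 to any via fxp0 setup
29000    2    80 deny log tcp from any to any setup
"""
# Fields: rule number, packet count, byte count, ... from SRC to DST ... via IFACE
RULE = re.compile(r"^\s*(\d+)\s+(\d+)\s+\d+\s.*?\bfrom (\S+) to (\S+).*?\bvia (\w+)")

def bound_addresses(ifconfig_text):
    """Map each interface name to the IPv4 addresses configured on it."""
    addrs, iface = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\w+): flags=", line)
        if head:
            iface = head.group(1)
            addrs[iface] = []
        inet = re.match(r"\s+inet (\d+\.\d+\.\d+\.\d+)\b", line)
        if inet and iface:
            addrs[iface].append(inet.group(1))
    return addrs

def unbound_rule_addresses(ifconfig_text, ipfw_text):
    """Return (rule, address, packets, closest bound address or None) tuples."""
    addrs, findings = bound_addresses(ifconfig_text), []
    for line in ipfw_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # no "via IFACE" clause, nothing to compare against
        num, pkts, src, dst, iface = m.groups()
        bound = addrs.get(iface, [])
        for addr in (src, dst):
            # Only plain host addresses are checked; "any" and masks are skipped.
            if re.fullmatch(r"\d+(\.\d+){3}", addr) and addr not in bound:
                hint = difflib.get_close_matches(addr, bound, n=1, cutoff=0.8)
                findings.append((int(num), addr, int(pkts), hint[0] if hint else None))
    return findings

if __name__ == "__main__":
    print(unbound_rule_addresses(IFCONFIG, IPFW_SHOW))
```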