From owner-freebsd-ipfw Fri May 10 9:44:14 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from kyoto.newnet.co.uk (kyoto.newnet.co.uk [212.87.87.16]) by hub.freebsd.org (Postfix) with ESMTP id 6231237B417 for ; Fri, 10 May 2002 09:44:09 -0700 (PDT) Received: from newnet.co.uk (peter.port [212.87.87.37]) by kyoto.newnet.co.uk (8.11.6/8.11.6) with ESMTP id g4AGhs846930; Fri, 10 May 2002 17:43:55 +0100 (BST) (envelope-from peter@newnet.co.uk) Message-ID: <3CDBF8BB.3DF5F820@newnet.co.uk> Date: Fri, 10 May 2002 17:43:39 +0100 From: Peter Coates Organization: NewNet plc - Fast Access Internet - Support Team X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: rick norman Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: [Fwd: ipfw and aliases] References: <3CDBF514.EBADB9E2@lmco.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, A solution that should work would be to set the IP's up on seperate VLANs. Then they would appear as different interfaces instead of IP's "glued" on to one interface. I would suggest 4.5 for VLANs too. Regards, Peter rick norman wrote: > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > Subject: Re: ipfw and aliases > Date: Fri, 10 May 2002 09:27:05 -0700 > From: rick norman > To: Robert bobb Crosbie > References: <3CDB2CED.DCC3092F@lmco.com> > <20020510111532.A33197@flipflop.tchpc.tcd.ie> > > I tried that but via with an ip addr catches all the aliases going out the > interface, not just the requested one. > Any other ideas ? > Rick > > Robert bobb Crosbie wrote: > > > rick norman hath declared on Thursday the 09 day of May 2002 :-: > > > Is it possible to write a firewall rule for a router with one interface > > > with multiple aliased ip > > > addresses that will grab pkts based on the IP_alias they are routed in > > > or out on, rather than the src or des address of the pkt. It looks as > > > tho the 'via' qualifier lumps all the aliases for an interface > > > together. I would like to grab pkts, not based on the src and des > > > contained in the packet, but rather based on which IP_alias it is going > > > to be sent out on. > > > > You can use via with an IP address or interface. > > > > - bobb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message