Date:      Thu, 02 Dec 1999 09:44:55 +1100
From:      Gregory Bond <gnb@itga.com.au>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   ipfw and ip aliases not working?
Message-ID:  <199912012244.JAA01083@lightning.itga.com.au>

Either I'm very confused (not impossible!!) or IPFW is busted.

I have an interface with 2 ip addresses (we are in the process of changing 
ISPs...)

bash-2.03$ ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
        inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
        ether 00:90:27:4c:ea:bc 
        media: autoselect (10baseT/UTP) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
bash-2.03$ 

I have ipfw rules that are supposed to allow any arbitrary incoming & outgoing
tcp sessions to this host on either IP address:

	15000    13      604 allow tcp from any to 192.83.119.129 via fxp0 setup
	15100   869    38236 allow tcp from 192.83.119.129 to any via fxp0 setup
	
	15800     0        0 allow tcp from any to 203.53.40.210 via fxp0 setup
	15900     0        0 allow tcp from 203.53.40.210 to any via fxp0 setup

	29000     2       80 deny log tcp from any to any setup

As you can see, this works for the 192.83 address, but does not work for the 
203.53 address, and I get kernel messages like:

	Dec  2 09:16:06 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0
	Dec  2 09:16:11 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0

But AFAICT this error message exactly matches rule 15800!

[The same thing is also happening with UDP packets.]

Any clues?

Greg.
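
An added example, not part of the original message: a Python check that cross-references the literal host addresses in the `ipfw` rule listing against the addresses configured on the interface, using the `ifconfig` and rule output quoted above as embedded sample input. The function names are hypothetical, and only single-host `from`/`to` operands are checked.

```python
import ipaddress
import re

# Sample input copied from the message above (ifconfig fxp0 and the ipfw listing).
IFCONFIG = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
        inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
"""
RULES = """\
15000    13      604 allow tcp from any to 192.83.119.129 via fxp0 setup
15100   869    38236 allow tcp from 192.83.119.129 to any via fxp0 setup
15800     0        0 allow tcp from any to 203.53.40.210 via fxp0 setup
15900     0        0 allow tcp from 203.53.40.210 to any via fxp0 setup
29000     2       80 deny log tcp from any to any setup
"""

def local_addrs(ifconfig_text):
    """Return the set of IPv4 addresses configured on the interface."""
    return {ipaddress.ip_address(a)
            for a in re.findall(r"^\s+inet (\S+)", ifconfig_text, re.M)}

def rule_hosts(rules_text):
    """Yield (rule_number, address) for each literal host in from/to."""
    pat = re.compile(r"^\s*(\d+)\s+\d+\s+\d+\s+\w+(?: log)? \w+ from (\S+) to (\S+)")
    for line in rules_text.splitlines():
        m = pat.match(line)
        if not m:
            continue
        for token in m.group(2, 3):
            try:
                yield int(m.group(1)), ipaddress.ip_address(token)
            except ValueError:
                pass  # "any", a masked network, or a hostname: not checked here

def non_local_rule_hosts(ifconfig_text, rules_text):
    """Rules naming a single host address that is not on the interface."""
    local = local_addrs(ifconfig_text)
    return sorted((n, str(a)) for n, a in rule_hosts(rules_text) if a not in local)

def uncovered_local_addrs(ifconfig_text, rules_text):
    """Interface addresses that no rule names literally."""
    named = {a for _, a in rule_hosts(rules_text)}
    return sorted(str(a) for a in local_addrs(ifconfig_text) - named)

if __name__ == "__main__":
    print("rule hosts not on interface:", non_local_rule_hosts(IFCONFIG, RULES))
    print("interface addresses in no rule:", uncovered_local_addrs(IFCONFIG, RULES))
```

On the quoted output it reports rules 15800 and 15900 as naming an address that is not on fxp0, and 202.53.40.210 as an interface address that no rule names.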



