Date: Wed, 29 May 2002 08:29:22 -0700 From: "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com> To: "'Mike Grissom'" <mikeyg@igalaxy.net> Cc: freebsd-questions@freebsd.org Subject: RE: configuring dummynet/ipfw in bridging mode Message-ID: <F10E013C394AD411A2F10008C75DF4823D4385@xch-knt-01.nw.nos.boeing.com>
next in thread | raw e-mail | index | archive | help
Thanks Mike. The "via fxp1" command worked but only if I am filtering all packets going through fxp1. However, what I really need is to filter packets that are both received on fxp0 AND transmitted on fxp1. In that case, using "in recv fxp0" and "via fxp1" in the same filter will not work (incompatible commands). I'll move this question to the freebsd-net. Thanks again. -----Original Message----- From: Mike Grissom [mailto:mikeyg@igalaxy.net] Sent: Tuesday, May 28, 2002 5:38 PM To: freebsd-questions@freebsd.org Subject: Re: configuring dummynet/ipfw in bridging mode With bridge enabled, you cannot use the "out" keyword in the rules because say it comes in on say fxp0 and goes out on fxp1, that means that fxp1 is actually sending it out so you would use "via fxp1" ----- Original Message ----- From: "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com> To: <freebsd-questions@FreeBSD.ORG> Sent: Tuesday, May 28, 2002 5:14 PM Subject: configuring dummynet/ipfw in bridging mode > I am using FreeBSD 4.5 and have 3 NIC cards installed. Traffic is being > bridged between the three interfaces. I am trying to configure ipfw such > that I can have different impairments (delay, losses, etc..) between each > possible pair of NIC cards. It seems to be a simple setup but I'm having > problems getting it to work. The following is my testbed setup: > > ___________________ > | | > 192.168.1.1 ------------ | FreeBSD 4.5 Bridge | ------------ > 192.168.1.2 > |___________________| > | > | > 192.168.1.3 > > The following command works fine: ' ipfw add 100 deny ip from any to any > in recv fxp0 ' > The result is that when I ping from or to the ip address connected to fxp0 > it will timeout. > > I expected the same to happen with the following command: ' ipfw add 100 > deny ip from any to any out xmit fxp0 ' > The result is that pings from or to the ip address connected to fxp0 are > successful. The same happens if I replace 'xmit' with 'recv' > > My ultimate goal is to use the following command: ' ipfw add 100 deny ip > from any to any out recv fxp0 xmit fxp0 ' > This will also fail like in the previous case, even though this command is > shown as an example in the ipfw(8) documentation. This will allow me to have > a set of impairments for each pair of NICs, in each direction. > > The same thing happen if a pipe is created and configured with impairments > such as a 100ms delay. > > Can anyone help me figure out what is wrong with my setup/configuration. > > Thanks. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F10E013C394AD411A2F10008C75DF4823D4385>