From owner-freebsd-ipfw  Tue May 14 11:42: 2 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mailgw3a.lmco.com (mailgw3a.lmco.com [192.35.35.7])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1352837B40C; Tue, 14 May 2002 11:41:53 -0700 (PDT)
Received: from emss01g01.ems.lmco.com ([129.197.181.54])
	by mailgw3a.lmco.com (8.11.6/8.11.6) with ESMTP id g4EIfaR20494;
	Tue, 14 May 2002 14:41:40 -0400 (EDT)
Received: from CONVERSION-DAEMON by lmco.com (PMDF V5.2-33 #38886) id <0GW400O016LB3Q@lmco.com>; Tue,
 14 May 2002 11:41:35 -0700 (PDT)
Received: from lmco.com ([129.197.20.43]) by lmco.com (PMDF V5.2-33 #38886) with ESMTP id <0GW40040B6L7AV@lmco.com>; Tue,
 14 May 2002 11:41:31 -0700 (PDT)
Date: Tue, 14 May 2002 11:38:20 -0700
From: rick norman <rick.norman@lmco.com>
Subject: Re: ipfw and aliases
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: freebsd-ipfw@FreeBSD.ORG
Message-id: <3CE1599C.42071126@lmco.com>
MIME-version: 1.0
X-Mailer: Mozilla 4.79 [en] (WinNT; U)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Accept-Language: en
References: <3CDB2CED.DCC3092F@lmco.com> <20020511134633.A2824@blossom.cjclark.org>
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

This is true for the inbound path, however for the outbound path the
info is available.  It should be possible to have a qualifier that recognizes

the alias's independantly from the interface.

Rick

"Crist J. Clark" wrote:

> On Thu, May 09, 2002 at 07:14:06PM -0700, rick norman wrote:
> > Is it possible to write a firewall rule for a router with one interface
> > with multiple aliased ip
> > addresses that will grab pkts based on the IP_alias they are routed in
> > or out on, rather than the src or des address of the pkt.
>
> No, there is no way to do this. The information is simply not
> available to the system. There is no way for it to know what IP
> address a remote machine might have used to pick its link-layer
> address for forwarding the packet.
> --
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message