From: bogdan oprea
To: freebsd-ipfw@freebsd.org
Date: Mon, 1 Dec 2008 00:47:39 -0800 (PST)
Subject: ipfw triple homed bridge
Message-ID: <44691.25194.qm@web50303.mail.re2.yahoo.com>

I have a FreeBSD 7 box with the following configuration:

    vr0---box---rl0
           |
          rl1

I bridged vr0 and rl0 using these commands in rc.conf:

    cloned_interfaces="bridge0"
    ifconfig_bridge0="inet x.x.x.x/24 addm vr0 addm rl0 up"
    ifconfig_vr0="up"
    ifconfig_rl0="up"

rl1 has routing enabled with:

    gateway_enable="YES"
    ifconfig_rl1="inet y.y.y.y netmask 255.255.255.192"

When creating rules such as:

    ipfw add 100 ip from any to any in via vr0

or

    ipfw add 100 ip from any to any in via rl0

I see no traffic, but when creating rules like

    ipfw add 100 ip from any to any in via bridge0

I see traffic.

I was wondering if I can add rules based on vr0 and rl0, not on bridge0, because I want to limit some ports on vr0 and I want the dhcpd server to serve only on rl0.

I also have in sysctl.conf:

    net.link.bridge.ipfw=1
    net.link.bridge.ipfw_arp=1