From owner-freebsd-questions Tue May 28 17:38:14 2002 Delivered-To: freebsd-questions@freebsd.org Received: from postoffice.igalaxy.net (hal.igalaxy.net [64.160.104.142]) by hub.freebsd.org (Postfix) with ESMTP id 3754337B400 for ; Tue, 28 May 2002 17:38:09 -0700 (PDT) Received: from mikeyg [64.160.106.107] by postoffice.igalaxy.net (SMTPD32-7.07) id A466B2B0150; Tue, 28 May 2002 17:44:22 -0700 Message-ID: <09a001c206a9$19ba61c0$0301a8c0@mikeyg> Reply-To: "Mike Grissom" From: "Mike Grissom" To: References: Subject: Re: configuring dummynet/ipfw in bridging mode Date: Tue, 28 May 2002 17:38:05 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG With bridge enabled, you cannot use the "out" keyword in the rules because say it comes in on say fxp0 and goes out on fxp1, that means that fxp1 is actually sending it out so you would use "via fxp1" ----- Original Message ----- From: "Albuquerque, Marcelo M" To: Sent: Tuesday, May 28, 2002 5:14 PM Subject: configuring dummynet/ipfw in bridging mode > I am using FreeBSD 4.5 and have 3 NIC cards installed. Traffic is being > bridged between the three interfaces. I am trying to configure ipfw such > that I can have different impairments (delay, losses, etc..) between each > possible pair of NIC cards. It seems to be a simple setup but I'm having > problems getting it to work. The following is my testbed setup: > > ___________________ > | | > 192.168.1.1 ------------ | FreeBSD 4.5 Bridge | ------------ > 192.168.1.2 > |___________________| > | > | > 192.168.1.3 > > The following command works fine: ' ipfw add 100 deny ip from any to any > in recv fxp0 ' > The result is that when I ping from or to the ip address connected to fxp0 > it will timeout. > > I expected the same to happen with the following command: ' ipfw add 100 > deny ip from any to any out xmit fxp0 ' > The result is that pings from or to the ip address connected to fxp0 are > successful. The same happens if I replace 'xmit' with 'recv' > > My ultimate goal is to use the following command: ' ipfw add 100 deny ip > from any to any out recv fxp0 xmit fxp0 ' > This will also fail like in the previous case, even though this command is > shown as an example in the ipfw(8) documentation. This will allow me to have > a set of impairments for each pair of NICs, in each direction. > > The same thing happen if a pipe is created and configured with impairments > such as a 100ms delay. > > Can anyone help me figure out what is wrong with my setup/configuration. > > Thanks. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message