From owner-freebsd-net@FreeBSD.ORG  Tue May  9 20:45:14 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DBBF416A829
	for <freebsd-net@freebsd.org>; Tue,  9 May 2006 20:45:14 +0000 (UTC)
	(envelope-from cegaspar@ifi.unicamp.br)
Received: from terra.ifi.unicamp.br (terra.ifi.unicamp.br [143.106.6.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF10F43D70
	for <freebsd-net@freebsd.org>; Tue,  9 May 2006 20:45:08 +0000 (GMT)
	(envelope-from cegaspar@ifi.unicamp.br)
Received: from lua.ifi.unicamp.br (lua.ifi.unicamp.br [143.106.6.13])
	by terra.ifi.unicamp.br (Postfix) with ESMTP id DC6A3264A3A
	for <freebsd-net@freebsd.org>; Tue,  9 May 2006 17:44:29 -0300 (BRT)
Received: from localhost (sa.ifi.unicamp.br [143.106.6.10])
	by lua.ifi.unicamp.br (Postfix) with ESMTP id 70D75679F0
	for <freebsd-net@freebsd.org>; Tue,  9 May 2006 17:44:55 -0300 (BRT)
Received: from lua.ifi.unicamp.br ([143.106.6.13])
	by localhost (sa.ifi.unicamp.br [143.106.6.10]) (amavisd-new,
	port 10024) with ESMTP id 63153-16-2 for <freebsd-net@freebsd.org>;
	Tue,  9 May 2006 17:44:57 -0300 (BRT)
Received: from [143.106.72.17] (gefion.ifi.unicamp.br [143.106.72.17])
	by lua.ifi.unicamp.br (Postfix) with ESMTP id 243A5679FB
	for <freebsd-net@freebsd.org>; Tue,  9 May 2006 17:44:52 -0300 (BRT)
Message-ID: <4460FF4E.10305@ifi.unicamp.br>
Date: Tue, 09 May 2006 17:45:02 -0300
From: Carlos E Gaspar <cegaspar@ifi.unicamp.br>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at ifi.unicamp.br
Subject: ipfw divert with layer2 (if_bridge) packets
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2006 20:45:16 -0000

Hi.

I have the following setup:

FreeBSD abc5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Wed Apr 26 14:58:22 
BRT 2006     root@abc:/usr/src/sys/alpha/compile/ABC alpha

bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether xx:xx:xx:xx:xx:xx
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: de1 flags=3<LEARNING,DISCOVER>
        member: de0 flags=3<LEARNING,DISCOVER>

de1 is my internal interface (local) and de0 the external (internet). 
host1 is on de1. Bridge works fine (if_bridge).

With the following sysctl's:

net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0
net.link.bridge.ipfw: 0
net.link.ether.ipfw: 1

I'm trying to divert layer2 packets using this ipfw rule, but the 
counters are always 0 0 as seen with 'ipfw show'.

divert 8000 log all from host1 to any layer2 in via de1

What's wrong? It's possible to do that with if_bridge? Do I need FBSD 6.1?
Thanks for advance... sorry about my english

Carlos Gaspar
carlosgaspar@yahoo.com