Date: Tue, 09 May 2006 14:01:39 -0700
From: Julian Elischer <julian@elischer.org>
To: freebsd-net@freebsd.org
Subject: Re: ipfw divert with layer2 (if_bridge) packets
Message-ID: <44610333.6070806@elischer.org>
In-Reply-To: <4460FF4E.10305@ifi.unicamp.br>
References: <4460FF4E.10305@ifi.unicamp.br>

Carlos E Gaspar wrote:
> Hi.
>
> I have the following setup:
>
> FreeBSD abc5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Wed Apr 26
> 14:58:22 BRT 2006 root@abc:/usr/src/sys/alpha/compile/ABC alpha
>
> bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         ether xx:xx:xx:xx:xx:xx
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: de1 flags=3<LEARNING,DISCOVER>
>         member: de0 flags=3<LEARNING,DISCOVER>
>
> de1 is my internal interface (local) and de0 the external (internet).
> host1 is on de1. Bridge works fine (if_bridge).
>
> With the following sysctl's:
>
> net.link.bridge.pfil_onlyip: 0
> net.link.bridge.pfil_member: 1
> net.link.bridge.pfil_bridge: 0
> net.link.bridge.ipfw: 0
> net.link.ether.ipfw: 1
>
> I'm trying to divert layer2 packets using this ipfw rule, but the
> counters are always 0 0 as seen with 'ipfw show'.

I don't know about if_bridge, but layer2 and divert are not allowed
together.
I have changes that make it work in 4.x, but they will not apply to 5.x
or later.
Luigi also has some changes that allow it.

>
> divert 8000 log all from host1 to any layer2 in via de1
>
> What's wrong? Is it possible to do that with if_bridge? Do I need FBSD
> 6.1?
> Thanks in advance... sorry about my English
>
> Carlos Gaspar
> carlosgaspar@yahoo.com
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"