From: Julian Elischer
Date: Tue, 09 May 2006 14:01:39 -0700
To: freebsd-net@freebsd.org
Subject: Re: ipfw divert with layer2 (if_bridge) packets
Message-ID: <44610333.6070806@elischer.org>
In-Reply-To: <4460FF4E.10305@ifi.unicamp.br>

Carlos E Gaspar wrote:

> Hi.
>
> I have the following setup:
>
> FreeBSD abc5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Wed Apr 26
> 14:58:22 BRT 2006 root@abc:/usr/src/sys/alpha/compile/ABC alpha
>
> bridge0: flags=8043 mtu 1500
>         ether xx:xx:xx:xx:xx:xx
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: de1 flags=3
>         member: de0 flags=3
>
> de1 is my internal interface (local) and de0 the external (internet).
> host1 is on de1. Bridge works fine (if_bridge).
>
> With the following sysctls:
>
> net.link.bridge.pfil_onlyip: 0
> net.link.bridge.pfil_member: 1
> net.link.bridge.pfil_bridge: 0
> net.link.bridge.ipfw: 0
> net.link.ether.ipfw: 1
>
> I'm trying to divert layer2 packets using this ipfw rule, but the
> counters are always 0 0 as seen with 'ipfw show'.

I don't know about if_bridge, but layer2 and divert are not allowed together.
I have changes that make it work in 4.x, but they will not apply to 5.x or later.
Luigi also has some changes that allow it.

>
> divert 8000 log all from host1 to any layer2 in via de1
>
> What's wrong? Is it possible to do that with if_bridge? Do I need FBSD
> 6.1?
> Thanks in advance... sorry about my English
>
> Carlos Gaspar
> carlosgaspar@yahoo.com