From: "dnr"
To: <.@babolo.ru>
Cc: freebsd-net@freebsd.org
Date: Thu, 30 Jun 2005 11:38:26 +0300
Subject: Re: ipfw2 question
Message-ID: <068101c57d4f$15a4d6e0$9f90a8c0@DONATAS>
References: <1120084599.354789.23455.nullmailer@cicuta.babolo.ru>

sad, but

ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000

doesn't seem to work :(

i've noticed if in one ipfw rule i describe directions on two interfaces - rule doesn't work...
example:
simplified test machine:

remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2

"log ip from any to any" shows:

accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10

so, 2 rules should be enough

ipfw add pass all from any to any in via vlan10 out via rl0
ipfw add pass all from any to any in via rl0 out via vlan10

packets do not pass through these rules...
of course "via" can be changed to "recv" or "xmit" accordingly, but i don't think it makes any sense

for creating a pipe between vlan10 and rl0 i cannot base on something working like:

ipfw add pipe 1 all from any to any via vlan10

because it is not suitable in my case...

>> hello,
>> i'm solving such a problem:
>> router with 3 eth i-faces:
>>
>> em0(vlan10)
>> (vlan1000)fxp0
>> em1(vlan11)
>>
>> I need to split traffic into two pipes
>> pipe1 from vlan10 to vlan1000
>> pipe2 from vlan11 to vlan1000
>>
>> fxp side supplies traffic to many different subnets
>> em0 is trunk to the world networks
>> em1 is trunk to the national networks
>> so I cannot write these rules in IP level....
>>
>> doing it in the following way doesn't work...
>> ipfw add pipe1 pass all from any to any via vlan10 in recv vlan1000
>> ipfw add pipe1 pass all from any to any via vlan10 out xmit vlan1000
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
>
> or may be better (not exact your ask)
>
> ipfw add pipe 1 ip from any to any in recv vlan10
> ipfw add pipe 2 ip from any to any in recv vlan11
>