From: .@babolo.ru
To: dnr
Cc: freebsd-net@freebsd.org
Date: Fri, 1 Jul 2005 13:59:50 +0400 (MSD)
Subject: Re: ipfw2 question

> sad, but
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> doesn't seem to work :(
>
> i've noticed if in one ipfw rule i describe directions on two interfaces - rule doesn't work...
> example:
> simplified test machine:
> remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2
>
> "log ip from any to any" shows:
> accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
> accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10
>
>
> so, 2 rules should be enough
> ipfw add pass all from any to any in via vlan10 out via rl0
> ipfw add pass all from any to any in via rl0 out via vlan10
> packets do not pass through these rules...
> of course "via" can be changed to "recv" or "xmit" accordingly, but i don't think it makes any sense

You are mistaken.
Do I wrote you literally except interface names.

> for creating a pipe between vlan10 and rl0 i cannot base on something working like:
> ipfw add pipe 1 all from any to any via vlan10, because it is not suitable in my case...
>
> > ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> > ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> >
> > or may be better (not exact your ask)
> >
> > ipfw add pipe 1 ip from any to any in recv vlan10
> > ipfw add pipe 2 ip from any to any in recv vlan11
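
Added example, not part of the original message and not ipfw code: a small Python model of how ipfw(8) documents the `in`/`out`/`via`/`recv`/`xmit` options, run against the four firewall passes taken from the quoted log. The names `Pass`, `matches`, `hits` and `PASSES` are hypothetical, and `rl0` is substituted for `vlan1000` to fit the quoted test machine.

```python
from typing import List, NamedTuple, Optional

class Pass(NamedTuple):
    direction: str         # "in" or "out"
    recv: Optional[str]    # receive interface; None for locally generated packets
    xmit: Optional[str]    # transmit interface; only known on the "out" pass

def matches(options: str, p: Pass) -> bool:
    """AND together the in/out/via/recv/xmit options of one rule."""
    tok = options.split()
    i = 0
    while i < len(tok):
        opt = tok[i]
        if opt in ("in", "out"):
            if p.direction != opt:
                return False       # a single pass is never both "in" and "out"
            i += 1
        elif opt in ("via", "recv", "xmit") and i + 1 < len(tok):
            if opt == "recv":
                seen = p.recv      # testable on both incoming and outgoing passes
            elif opt == "xmit":
                seen = p.xmit      # None on the "in" pass, so xmit needs "out"
            else:                  # via: the interface of the current pass
                seen = p.xmit if p.direction == "out" else p.recv
            if seen != tok[i + 1]:
                return False
            i += 2
        else:
            raise ValueError(f"option not modelled: {opt}")
    return True

# Constructed from the four "log ip from any to any" lines quoted above.
PASSES = [
    Pass("in", "vlan10", None),     # request arrives on vlan10
    Pass("out", "vlan10", "rl0"),   # same packet forwarded out rl0
    Pass("in", "rl0", None),        # reply arrives on rl0
    Pass("out", "rl0", "vlan10"),   # reply forwarded out vlan10
]

def hits(options: str) -> List[int]:
    """Indexes into PASSES of the passes the rule options match."""
    return [n for n, p in enumerate(PASSES) if matches(options, p)]

if __name__ == "__main__":
    for rule in ("in via vlan10 out via rl0", "out recv vlan10 xmit rl0",
                 "in recv vlan10", "via vlan10"):
        print(f"{rule:28} -> passes {hits(rule)}")
```

In this model a rule that combines `in` and `out` matches no pass at all, while `out recv vlan10 xmit rl0` selects exactly the forwarded vlan10-to-rl0 pass.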