Date: Fri, 1 Jul 2005 13:59:50 +0400 (MSD) From: .@babolo.ru To: dnr <dnr@freemail.lt> Cc: freebsd-net@freebsd.org Subject: Re: ipfw2 question Message-ID: <1120211990.011397.26141.nullmailer@cicuta.babolo.ru> In-Reply-To: <068101c57d4f$15a4d6e0$9f90a8c0@DONATAS>
next in thread | previous in thread | raw e-mail | index | archive | help
[ Charset ISO-8859-1 unsupported, converting... ] > sad, but > ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000 > ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000 > doesn't seems to work :( > > i've noticed if in one ipfw rule i describe directions on two interfaces - rule doesn't work... > example: > simplified test machine: > remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2 > > "log ip from any to any" shows: > accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10 > accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0 > accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0 > accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10 > > > so, 2 rules should be enough > ipfw add pass all from any to any in via vlan10 out via rl0 > ipfw add pass all from any to any in via rl0 out via vlan10 > packets do not pass through these rules... > of course "via" can be changed to "recv" or "xmit" accordingly, but i don't think i makes any sense You are mistaken. Do I wrote you literally except interface names. > for creating a pipe between vlan10 and rl0 i cannot base on something working like: > ipfw add pipe 1 all from any to any via vlan10, because it is not suitable in my case... > > ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000 > > ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000 > > > > or may be better (not exact your ask) > > > > ipfw add pipe 1 ip from any to any in recv vlan10 > > ipfw add pipe 2 ip from any to any in recv vlan11
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1120211990.011397.26141.nullmailer>