Date:      Wed, 29 May 2002 18:22:19 -0700
From:      "Patrick Soltani" <psoltani@ultradns.com>
To:        "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com>, "Mike Grissom" <mikeyg@igalaxy.net>
Cc:        <freebsd-questions@freebsd.org>
Subject:   RE: configuring dummynet/ipfw in bridging mode
Message-ID:  <3DBB075EEB95944492E127F2B9A96FAF5DD841@ultra-exchange.UltraDNS.com>

in via is equivalent to "xmit out" and "in recv". You cannot use in via
with xmit or recv in the same rule.

Here is my own ipfw on icmp blocking.
05100 allow icmp from any to any out xmit fxp0 icmptype 0,8
05200 allow icmp from any to any in recv fxp0 icmptype 0,8

Regards,
Patrick Soltani.

> -----Original Message-----
> From: Albuquerque, Marcelo M [mailto:marcelo.m.albuquerque@boeing.com]
> Sent: Wednesday, May 29, 2002 8:29 AM
> To: 'Mike Grissom'
> Cc: freebsd-questions@freebsd.org
> Subject: RE: configuring dummynet/ipfw in bridging mode
>
> Thanks Mike.
>
> The "via fxp1" command worked but only if I am filtering all packets going
> through fxp1. However, what I really need is to filter packets that are both
> received on fxp0 AND transmitted on fxp1. In that case, using "in recv fxp0"
> and "via fxp1" in the same filter will not work (incompatible commands).
>
> I'll move this question to the freebsd-net.
>
> Thanks again.
>
> -----Original Message-----
> From: Mike Grissom [mailto:mikeyg@igalaxy.net]
> Sent: Tuesday, May 28, 2002 5:38 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: configuring dummynet/ipfw in bridging mode
>
> With bridge enabled, you cannot use the "out" keyword in the rules because
> say it comes in on say fxp0 and goes out on fxp1, that means that fxp1 is
> actually sending it out so you would use "via fxp1"
>
> ----- Original Message -----
> From: "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com>
> To: <freebsd-questions@FreeBSD.ORG>
> Sent: Tuesday, May 28, 2002 5:14 PM
> Subject: configuring dummynet/ipfw in bridging mode
>
> > I am using FreeBSD 4.5 and have 3 NIC cards installed. Traffic is being
> > bridged between the three interfaces. I am trying to configure ipfw such
> > that I can have different impairments (delay, losses, etc.) between each
> > possible pair of NIC cards. It seems to be a simple setup but I'm having
> > problems getting it to work. The following is my testbed setup:
> >
> >                           ______________________
> >                          |                      |
> > 192.168.1.1 ------------ |  FreeBSD 4.5 Bridge  | ------------ 192.168.1.2
> >                          |______________________|
> >                                      |
> >                                      |
> >                                 192.168.1.3
> >
> > The following command works fine:    ' ipfw add 100 deny ip from any to any in recv fxp0 '
> > The result is that when I ping from or to the ip address connected to fxp0
> > it will time out.
> >
> > I expected the same to happen with the following command:    ' ipfw add 100 deny ip from any to any out xmit fxp0 '
> > The result is that pings from or to the ip address connected to fxp0 are
> > successful. The same happens if I replace 'xmit' with 'recv'
> >
> > My ultimate goal is to use the following command:    ' ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp0 '
> > This will also fail like in the previous case, even though this command is
> > shown as an example in the ipfw(8) documentation. This will allow me to have
> > a set of impairments for each pair of NICs, in each direction.
> >
> > The same thing happens if a pipe is created and configured with impairments
> > such as a 100ms delay.
> >
> > Can anyone help me figure out what is wrong with my setup/configuration.
> >
> > Thanks.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DBB075EEB95944492E127F2B9A96FAF5DD841>
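
Added example (not part of the original messages and not ipfw code): a small Python model of the in/out, via, recv and xmit keywords discussed in this thread, following the combination rules in ipfw(8). The function names are hypothetical, the packets are constructed, and the fxp0-to-fxp1 rule is a variation on the command quoted above.

```python
# Added example: models the interface keywords documented in ipfw(8).
# Function names are hypothetical; the sample packets are constructed.

def parse_ifspec(rule):
    """Pull direction and interface options out of an ipfw rule body."""
    words = rule.split()
    spec = {"dir": None, "via": None, "recv": None, "xmit": None}
    for i, w in enumerate(words):
        if w in ("in", "out"):
            spec["dir"] = w
        elif w in ("via", "recv", "xmit"):
            if i + 1 >= len(words):
                raise ValueError(f"{w} needs an interface name")
            spec[w] = words[i + 1]
    # Combination rules from ipfw(8).
    if spec["via"] and (spec["recv"] or spec["xmit"]):
        raise ValueError("via cannot be combined with recv or xmit")
    if spec["xmit"] and spec["dir"] != "out":
        raise ValueError("xmit requires out")
    return spec


def matches(rule, direction, recv_if=None, xmit_if=None):
    """True if the rule's direction/interface options select the packet.
    recv_if or xmit_if is None when the packet has no such interface."""
    spec = parse_ifspec(rule)
    if spec["dir"] and spec["dir"] != direction:
        return False
    if spec["via"]:
        # via tests whichever interface applies to the current direction.
        iface = recv_if if direction == "in" else xmit_if
        return iface == spec["via"]
    if spec["recv"] and recv_if != spec["recv"]:
        return False
    if spec["xmit"] and xmit_if != spec["xmit"]:
        return False
    return True


if __name__ == "__main__":
    both = "deny ip from any to any out recv fxp0 xmit fxp1"
    print(matches(both, "out", "fxp0", "fxp1"))   # forwarded fxp0 -> fxp1
    print(matches(both, "in", "fxp0"))            # inspected on input only
    try:
        parse_ifspec("deny ip from any to any in recv fxp0 via fxp1")
    except ValueError as err:
        print("rejected:", err)
```

The model covers keyword semantics only; it does not reproduce at which points the FreeBSD 4.5 bridge code hands packets to ipfw.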