From owner-freebsd-questions  Thu Jun 13 12:25:47 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from web10003.mail.yahoo.com (web10003.mail.yahoo.com [216.136.130.39])
	by hub.freebsd.org (Postfix) with SMTP id C53E237B400
	for <freebsd-questions@freebsd.org>; Thu, 13 Jun 2002 12:25:44 -0700 (PDT)
Message-ID: <20020613185726.56388.qmail@web10003.mail.yahoo.com>
Received: from [62.84.65.154] by web10003.mail.yahoo.com via HTTP; Thu, 13 Jun 2002 11:57:26 PDT
Date: Thu, 13 Jun 2002 11:57:26 -0700 (PDT)
From: Walid Nehme <walidn@yahoo.com>
Subject: net.inet.ip.fw.one_pass (ipfw , dummynet, Bridge)
To: freebsd questions <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Dear sirs.
I installed freebsd 4.5 and configured my kernel to work as
a bridge with ipfw and dummynet.
bridge is working cool with dummynet, but 
in documentations all over the internet says that 
net.inet.ip.fw.one_pass if given a "0" value the packages
getting out from the traffic shaper will be reinjected to
continue throught the rules of the firewall. but that is
not happening here.
after shapping i want to specify the ipaddress that would
see the internet. 
the shapper i made for the whole rang that i have
10.20.0.0:255.255.0.0. It should not pass the traffic to
the whole rang because after the shapper i put deny from
any to any.

what is happening is that my machines after the freebsd is
geting the traffic as these packages are collected with the
deny rule, when
 net.inet.ip.fw.one_pass=0.

if changing it to 1 , the machines still get the traffic
but deny rule dont show anything.

Q- How to rule the firewall so that after the shapping the
traffic won't be send to the machines if i didnt include a
pass rule for their IPaddress???


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message