From owner-freebsd-net@FreeBSD.ORG  Fri Sep 30 06:39:58 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3983716A41F
	for <freebsd-net@freebsd.org>; Fri, 30 Sep 2005 06:39:58 +0000 (GMT)
	(envelope-from ganbold@micom.mng.net)
Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3B0BA43D4C
	for <freebsd-net@freebsd.org>; Fri, 30 Sep 2005 06:39:56 +0000 (GMT)
	(envelope-from ganbold@micom.mng.net)
Received: from [202.179.0.164] (helo=ganbold.micom.mng.net)
	by publicd.ub.mng.net with esmtpa (Exim 4.53 (FreeBSD))
	id 1ELEZM-000F8K-NL
	for freebsd-net@freebsd.org; Fri, 30 Sep 2005 14:40:32 +0800
Message-Id: <6.2.1.2.2.20050930151357.03480eb0@202.179.0.80>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Fri, 30 Sep 2005 15:39:49 +0900
To: freebsd-net@freebsd.org
From: Ganbold <ganbold@micom.mng.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: ipfw bridge + fwd questions
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2005 06:39:58 -0000

Hi,

I have a question regarding ipfw fwd rule.
I'm using FreeBSD 5.4-STABLE and running on it bridging firewall using ipfw.

Now my question comes:)
Can I use ipfw fwd rules against traffic coming to one of the bridged 
interfaces?
I would like to forward some packets (which are destined to port 110) to 
some other router through third vr0 interface.
This is because we have 2 upstream providers and one of the providers is 
filtering some ports and
I would like to forward such packets to the other provider.

In other words I would like to do something like:

ipfw add fwd z.z.z.z ip from x.x.x.0/19 to any dst-port 25,110

Is it possible? Should z.z.z.z address be included in the routing table of 
the machine or it doesn't matter?

I appreciate if somebody can give me some direction and advice.

thanks in advance,

Ganbold


#######################################
sysctl variables I use:
-----------------------------------------------
net.link.ether.bridge_cfg=xl0:0,xl1:0
net.link.ether.bridge_ipfw=1
net.link.ether.bridge.enable=1
net.inet.ip.fw.one_pass=0

ifconfig output:
-----------------------------------------------
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         options=9<RXCSUM,VLAN_MTU>
         ether 00:10:5a:5b:e5:e3
         media: Ethernet 100baseTX <full-duplex>
         status: active
xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         options=9<RXCSUM,VLAN_MTU>
         ether 00:04:76:dc:7f:d1
         media: Ethernet 100baseTX <full-duplex>
         status: active
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet x.x.x.x netmask 0xffffffe0 broadcast x.x.x.x