From owner-freebsd-net@FreeBSD.ORG  Fri Sep 30 07:35:28 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 033BB16A41F
	for <freebsd-net@freebsd.org>; Fri, 30 Sep 2005 07:35:28 +0000 (GMT)
	(envelope-from lists@yazzy.org)
Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9478E43D4C
	for <freebsd-net@freebsd.org>; Fri, 30 Sep 2005 07:35:27 +0000 (GMT)
	(envelope-from lists@yazzy.org)
Received: from 217-13-2-82.dd.nextgentel.com ([217.13.2.82] helo=marcin)
	by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256)
	(YazzY.org) id 1ELFQ0-0005vT-A0; Fri, 30 Sep 2005 09:34:58 +0200
Date: Fri, 30 Sep 2005 09:35:21 +0200
From: Marcin Jessa <lists@yazzy.org>
To: Ganbold <ganbold@micom.mng.net>
Message-Id: <20050930093521.5a17affd.lists@yazzy.org>
In-Reply-To: <6.2.1.2.2.20050930151357.03480eb0@202.179.0.80>
References: <6.2.1.2.2.20050930151357.03480eb0@202.179.0.80>
Organization: YazzY.org
X-Mailer: Sylpheed version 2.0.0 (GTK+ 2.6.8; i386-portbld-freebsd7.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.5 (--)
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw bridge + fwd questions
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2005 07:35:28 -0000

On Fri, 30 Sep 2005 15:39:49 +0900
Ganbold <ganbold@micom.mng.net> wrote:

> Hi,
> 
> I have a question regarding ipfw fwd rule.
> I'm using FreeBSD 5.4-STABLE and running on it bridging firewall
> using ipfw.
> 
> Now my question comes:)
> Can I use ipfw fwd rules against traffic coming to one of the bridged 
> interfaces?
Yes you can.
sysctl net.link.ether.bridge_ipfw=1 just like in your sysctl variables.

> I would like to forward some packets (which are destined to port
> 110)
> to some other router through third vr0 interface.
Use a divert rule for that.

In this example we send all the port 80 traffic to port 8000:
# ipfw add 1000 divert 8000 tcp from any to any 80
Read this article for more info:
http://freebsd.rogness.net/snort_inline/

Cheers
Marcin.