From: "Mao Shou Yan"
To: "Marcin Jessa"
Cc: freebsd-net@freebsd.org
Date: Fri, 30 Sep 2005 15:43:41 +0800
Subject: RE: ipfw bridge + fwd questions

NO, fwd can work only on layer 3 packets!

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Marcin Jessa
Sent: 30 September 2005 15:35
To: Ganbold
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw bridge + fwd questions

On Fri, 30 Sep 2005 15:39:49 +0900 Ganbold wrote:

> Hi,
>
> I have a question regarding ipfw fwd rule.
> I'm using FreeBSD 5.4-STABLE and running on it bridging firewall
> using ipfw.
>
> Now my question comes:)
> Can I use ipfw fwd rules against traffic coming to one of the bridged
> interfaces?

Yes you can.
sysctl net.link.ether.bridge_ipfw=1 just like in your sysctl variables.

> I would like to forward some packets (which are destined to port 110)
> to some other router through third vr0 interface.

Use a divert rule for that.
In this example we send all the port 80 traffic to port 8000:
# ipfw add 1000 divert 8000 tcp from any to any 80
Read this article for more info:
http://freebsd.rogness.net/snort_inline/

Cheers
Marcin.