Date: Fri, 11 Oct 2002 12:26:50 -0700
From: Luigi Rizzo
To: Dave Dolson
Cc: "'freebsd-ipfw@freebsd.org'"
Subject: Re: Problem diverting bridged packets
Message-ID: <20021011122650.B76519@carp.icir.org>

On Fri, Oct 11, 2002 at 12:45:35PM -0400, Dave Dolson wrote:
> Is anyone aware of an ipfw1 issue with diverting packets from the bridge?
>
> I'm finding that a rule like the following will cause the packets to be
> dropped and not diverted.
> # ipfw add 400 accept icmp from 1.1.1.10 to 1.1.1.4 bridge

I suppose there are two typos here? "bridge" is not a valid
option, "bridged" is; "accept" has nothing to do with "divert".

But if you read the manpage, you should see that divert
actions are not supported on bridged packets.

cheers
luigi

> (Addresses 1.1.1.10 and 1.1.1.4 are on opposite sides of the local machine.)
>
> I'm running -stable 4.6 code, but not quite the latest, so sorry if this is
> old news.
> 4.6-RELEASE FreeBSD 4.6-RELEASE #7
>
> I know that my divert client is working properly because it properly reads
> and re-inserts packets for non-divert rules involving packets for the local
> host (not bridged).
> E.g., this works fine (1.1.1.1 is the local host)
> divert 9001 icmp from 1.1.1.10 to 1.1.1.1
>
> Thanks,
>
> David Dolson
> Senior Software Engineer
> Sandvine Incorporated.
> Tel: 519-880-2400 x2737
> www.sandvine.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message