Date: Sat, 10 Oct 2015 21:42:57 +0800 From: Archy Cho <archycho@gmail.com> To: Jim Thompson <jim@netgate.com> Cc: net@freebsd.org, rizzo@iet.unipi.it Subject: Re: Freebsd 10.2 amd64 netmap ipfw Message-ID: <32A72733-2D71-4FBA-93D3-B90BDDD4BFD3@gmail.com> In-Reply-To: <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com> References: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com> <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear All Sorry , I would like to ask do netmap with ipfw will only work as a bridge ? ie: +-----------------------+ +---------------------------+ +----------------------+ | Cisco Router A | | Freebsd 10.2 amd64 | | Cisco Router B | | Int Te1/1 | | ix0 connect to Cisco A | | Int Te1/1 | | 10.0.85.1/30 | +-----> | Int Te1/1 | +------> | 10.0.85.2/30 | | | ^-----+ | ix1 connect to Cisco B | ^------+ | | | | | Int Te1/1 | | | +-----------------------+ +---------------------------+ +----------------------+ Do the kipfw with netmap should work as this diagram ? Archy Cho > Archy Cho <archycho@gmail.com> 於 2015年10月10日 下午9:20 寫道: > > Dear Jim and all > > My map as follow: > > +---------------------+ +---------------------------------+ +------------------------+ > | Cisco Router | | Freebsd 10.2 amd64 custom kernel| | Linux box with | > | IP 10.0.85.1/30 | | recompiled with "device netmap" | | IP 172.16.0.1/30 | > | | +--------->+ ix0 = 10.0.85.2/30 | <-----------+ control the Freebsd box > | | | ix1 = down | | via ssh | > | | | igb0 = 172.16.0.2/30 | | | > +---------------------+ +---------------------------------+ +------------------------+ > > 1) I have recompiled the kernel with device netmap > 2) I downloaded the next.zip and compiled got the kipfw and ipfw > 3) I connect via linux box , ssh 172.16.0.2 > > Do anyone advise , how could I enable netmap ipfw to filter traffic from Cisco Router ? > > Archy Cho > >> Jim Thompson <jim@netgate.com <mailto:jim@netgate.com>> 於 2015年10月10日 上午1:14 寫道: >> >> >>> On Oct 9, 2015, at 7:14 AM, Archy Cho <archycho@gmail.com <mailto:archycho@gmail.com>> wrote: >>> >>> I think I must misunderstand something , could anyone send me advise? >>> Or any documents could help to build a NETMAP IPFW firewall box ? >> >> See the last several paragraphs of: >> >> https://github.com/luigirizzo/netmap-ipfw/blob/next/README <https://github.com/luigirizzo/netmap-ipfw/blob/next/README>; >> >> Note that the "telnet localhost 5566" traffic generator hack mentioned in the README doesn't work without a recompile, but you won't need it for running real traffic. >> >> Jim >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32A72733-2D71-4FBA-93D3-B90BDDD4BFD3>