From owner-freebsd-net@FreeBSD.ORG Sat Sep 18 21:34:46 2004
Date: Sat, 18 Sep 2004 17:24:49 -0400
From: Karim Fodil-Lemelin <kfl@xiphos.ca>
To: net@freebsd.org
Message-id: <414CA7A1.7000809@xiphos.ca>
Subject: Strange Bridge Issues
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I have applied Luigi's patch to a FBSD 4.8 kernel to be able to use fwd rules in ipfw with a BRIDGE. I have to say it's a very cool feature. Now, there are two sides to this, one good and one that I really need to fix.

The good side is it works in this configuration:

  CLIENT --------(fxp0) BRIDGE1 (fxp1) --------- ROUTER(S) -----------(fxp1) BRIDGE2 (fxp0) ------- SERVER

CLIENT is on the same subnet as BRIDGE1 and SERVER is on the same subnet as BRIDGE2, using ipfw rules like this:

  reset tcp from any to me XXXX
  reset tcp from any to me YYYY
  fwd 127.0.0.1,XXXX tcp from any to any in via fxp0
  fwd 127.0.0.1,YYYY tcp from any to any in via fxp1

I get all tcp traffic to be "sucked in" by the fwd rules to a proxy application that goes out to connect from fxp1 (fxp1 has an address for the proxy to bind on). It is then grabbed by another proxy on BRIDGE2 and forwarded to another proxy on port YYYY, and it connects to the SERVER just fine. There is only one route, which is the default pointing to the closest ROUTER on both bridges.

The previous scenario works just fine, but if it gets more complicated, with something like this:

  CLIENT ----- ROUTER(S) ----- BRIDGE1 ----- ROUTER(S) ---- BRIDGE2 ---- ROUTER(S) ---- SERVER

Here, CLIENT is _not_ on the same subnet as BRIDGE1 and SERVER is _not_ on the same subnet as BRIDGE2. Using the same rules as above, traffic coming from CLIENT goes through BRIDGE1 _without_ being "fwded"!!

If anyone could help me figure out at least why tcp packets are going through without being sucked in, I would really appreciate it. Obviously if you know how to fix this then please let me know :).

Regards,

Karim.