Date: Thu, 13 Dec 2001 17:06:54 +0100 (CET)
From: Fabrizio Ravazzini
Subject: Ipf & Bridging ???
To: freebsd-isp@freebsd.org

Hello all,

I've set up a bridge between the Internet and my DMZ:

    Internet
        |
        |
    Cisco Router
        |
        |
        |rl0
    FreeBSD 4.3 Bridge
        |rl1
        |
       HUB----DMZ

The bridge works very well; for example, the servers in the DMZ can "see" the Internet, and from the Internet I can "see" the servers in the DMZ (public IPs).

The problem is with ipf. If, for example, we put a simple rule in /etc/ipf.rules like this:

    block in quick on rl0

in order to block all the traffic going to the DMZ, packets originating from the Internet bypass my bridge/firewall! If you ping the bridge, for example, the packets are blocked, but if you ping a machine in the DMZ it responds! Arghhh...

I tried the bridge rules found in the IPFilter-based firewalls HOWTO, but they didn't work.

Any ideas? Isn't ipfilter supported under FreeBSD? Do I have to use ipfw?

Many thanks, all.
Bye