From: Jonathan Feally
To: .@babolo.ru, freebsd-net@freebsd.org, rizzo@icir.org
Date: Wed, 03 May 2006 13:18:39 -0700
Message-ID: <4459101F.1000509@netvulture.com>
In-Reply-To: <1146644218.976446.80586.nullmailer@cicuta.babolo.ru>
Subject: Re: Having a problem with getting ipfw fwd to work with vlans and bge - 6.1-RC1 amd64

Good to know about the mtu, however I'm still having the same problem
with a Pro/1000 em0. I have only tagged vlans running on em0 and the
admin vlan (1) running untagged on bge0. The only 2 networks in play are
900 and 902. I'm not even working on packets from the lans passing
through yet. Just trying to get my pings from outside to leave on the
corresponding vlans back towards the correct gateway/router.

If the ipfw fwd feature to reroute outgoing packets to a different
router is broken - then this would be considered a show stopper for
6.1-RELEASE in my mind. I hope Luigi can chime in here with some ideas
to try or debugging that can be done.

Complete Machine Specs.
Asus K8N-LR
Has 2 onboard broadcom nics (bge0 + bge1)
Has Onboard ATI Rage XL Video.
2GB Ram
AMD 4200+ X2
Using onboard NVidia MediaShield Raid w/ 4 250GB Seagate Drives. RAID10
Add In Pro/1000 NIC (em0)
Running 6.1-RC/amd64 as of 5/1/06 from cvsup of 6_RELENG

Is there anybody else out there that has used the ipfw fwd feature to do
what I'm doing - and have you tried it on the 6 Branch?

Need some answers soon - Please help!

Thanks,
-Jon

.@babolo.ru wrote:

>[ Charset ISO-8859-1 unsupported, converting... ]
>
>
>>Hello,
>>I have set up a new firewall and I'm having trouble with it. Perhaps the
>>bge is to blame, perhaps it's something else.
>>I'll explain my setup, problem and the workaround to get it going.
>>
>>Box connects to 2 Internal Lans and 2 External Wans.
>>
>>Vlans are mixed untagged and tagged on a single bge0
>>
>>Vlan  Network             Desc
>>1     10.255.1.0/24       Admin Lan - No Vlan Tagging
>>2     10.255.2.0/24       VoIP Lan
>>900   67.xxx.xxx.128/27   Internet A - Default Route - Going to be pure
>>VoIP only - thus 10.255.2 boxes get 1:1 NAT to 67.xxx.xxx
>>902   208.xxx.xxx.48/28   Internet B - Web Services
>>
>>1st problem I ran into was pings from vlan 2 through natd to vlan 900
>>were not coming back.
>>I could see the packet enter vlan2 - leave and
>>return on vlan900 - but go nowhere. I tried a tcpdump on bge0 and the
>>pings started coming back. Leading me to putting promisc on my ifconfig bge0
>>
>>Now I'm trying to set up a simple web server on an IP from vlan 902 in
>>combination with fwd rule # 999 to route packets from a vlan902 address
>>back to the router on that internet connection. I try to ping from the
>>outside and can see the icmp echo request. But the replies keep getting
>>sent out vlan900 to the other internet router.
>>
>>Hopefully somebody can point me in the right direction. If it's the bge,
>>then I can replace it with some em. If it's an issue with mixing native
>>vlan and tagged, I can tag everything. If it's not me, then who can help
>>getting the code fixed?
>>
>>I have put my ifconfig, ipfw rules and natd.conf's below.
>>
>>
>Don't know about FreeBSD 6, in FreeBSD 4 you need mtu = 1504
>for mtu = 1500 on vlans to work.
>
>This is reason not to use mix tagged/untagged on one bge.
>
>
>
>>Thanks -Jon
>>
>>---------------------------------------------------------
>>
>>[root@t3031fw ~]# ifconfig -a
>>bge0: flags=28943 mtu 1500
>>        options=18
>>        inet6 fe80::215:f2ff:fed0:d898%bge0 prefixlen 64 scopeid 0x1
>>        inet 10.255.1.254 netmask 0xffffff00 broadcast 10.255.1.255
>>        ether 00:15:f2:d0:d8:98
>>        media: Ethernet autoselect (100baseTX )
>>        status: active
>>bge1: flags=8802 mtu 1500
>>        options=1b
>>        ether 00:15:f2:40:d8:35
>>        media: Ethernet autoselect (none)
>>        status: no carrier
>>plip0: flags=108810 mtu 1500
>>lo0: flags=8049 mtu 16384
>>        inet6 ::1 prefixlen 128
>>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>>        inet 127.0.0.1 netmask 0xff000000
>>vlan2: flags=8843 mtu 1500
>>        inet6 fe80::215:f2ff:fed0:d898%vlan2 prefixlen 64 scopeid 0x5
>>        inet 10.255.2.1 netmask 0xffffff00 broadcast 10.255.2.255
>>        ether 00:15:f2:d0:d8:98
>>        media: Ethernet autoselect (100baseTX )
>>        status: active
>>        vlan: 2 parent interface: bge0
>>vlan900: flags=8843 mtu 1500
>>
>>
>...
>
>
>>        ether 00:15:f2:d0:d8:98
>>        media: Ethernet autoselect (100baseTX )
>>        status: active
>>        vlan: 900 parent interface: bge0
>>vlan902: flags=8843 mtu 1500
>>        inet6 fe80::215:f2ff:fed0:d898%vlan902 prefixlen 64 scopeid 0x7
>>
>>
>...
>
>
>>        ether 00:15:f2:d0:d8:98
>>        media: Ethernet autoselect (100baseTX )
>>        status: active
>>        vlan: 902 parent interface: bge0
>>
>>