Date:      Mon, 16 Jan 2006 00:59:50 GMT
From:      Barry Murphy <barry@unix.co.nz>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/91847: ipfw with vlanX as the device
Message-ID:  <200601160059.k0G0xocN084749@www.freebsd.org>
Resent-Message-ID: <200601160100.k0G10Hfp044099@freefall.freebsd.org>


>Number:         91847
>Category:       misc
>Synopsis:       ipfw with vlanX as the device
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 16 01:00:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Barry Murphy
>Release:        FreeBSD 6.0-STABLE
>Organization:
>Environment:
FreeBSD firewall.unix.co.nz 6.0-STABLE FreeBSD 6.0-STABLE #6: Fri Jan 13 00:22:59 NZDT 2006     icepick@firewall.unix.co.nz:/usr/obj/usr/src/sys/FIREWALL  i386
       
>Description:
I've found that ipfw doesn't appear to count or handle vlan traffic via ipfw.
I need it specifically to count vlan traffic as I use a transparent proxy and need it to count all traffic including this.

Using iftop -i vlan18 I see the destination IP and source IP
Using iftop I see the source IP and transparent proxy IP and it's important I don't see the transparent IP but rather the IP external to the network.

|Internet| -- |Firewall| -- |Cisco 3500XL| -- |Network|
>How-To-Repeat:
The Cisco has a trunked port on the Cisco plugged into the firewall which has a few vlans, eg:
/sbin/ifconfig vlan18 create
/sbin/ifconfig vlan18 inet 60.234.x.x netmask 255.255.255.248 vlan 27 vlandev em1

I've then added an IPFW rule to count traffic going via vlan18 using all possible ways I can think of:
ipfw add count ip from any to any in via vlan18
ipfw add count ip from any to any in recv vlan18
ipfw add count ip from any to any in xmit vlan18

sysctl:
/sbin/sysctl net.link.ether.bridge_ipfw: 1
/sbin/sysctl net.inet.ip.fw.one_pass=0
>Fix:
              
>Release-Note:
>Audit-Trail:
>Unformatted:
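As an added diagnostic (not part of the report or of FreeBSD), a Python script that parses `ipfw -a list` counters and shows whether the vlan18 count rules ever match compared with the same rule on the parent device em1; the column layout of `ipfw -a list` and the sample counters are constructed assumptions.

```python
import re

# Assumed shape of `ipfw -a list` output: rule number, packet count,
# byte count, then the rule body (a constructed assumption, not output
# taken from the report).
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")
IFACE_RE = re.compile(r"\b(via|recv|xmit)\s+(\S+)")

# Constructed sample: the report's three vlan18 count rules beside an
# equivalent count rule on the parent device em1.
SAMPLE_IPFW_OUTPUT = """\
00100        0         0 count ip from any to any in via vlan18
00200        0         0 count ip from any to any in recv vlan18
00300        0         0 count ip from any to any in xmit vlan18
00400    48213  51233910 count ip from any to any in via em1
65535  1203441 987654321 allow ip from any to any
"""

def parse_ipfw_list(text):
    """Return (rule_no, packets, bytes, iface, body) per rule; iface is
    None when the rule has no via/recv/xmit clause."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        rule_no, pkts, byts, body = m.groups()
        im = IFACE_RE.search(body)
        iface = im.group(2) if im else None
        rules.append((int(rule_no), int(pkts), int(byts), iface, body))
    return rules

def interface_counter_report(text, ifaces):
    """Sum packets/bytes of count rules per interface and list interfaces
    whose count rules exist but never matched (the report's symptom)."""
    totals = {ifc: {"rules": 0, "packets": 0, "bytes": 0} for ifc in ifaces}
    for _, pkts, byts, iface, body in parse_ipfw_list(text):
        if iface in totals and body.startswith("count "):
            totals[iface]["rules"] += 1
            totals[iface]["packets"] += pkts
            totals[iface]["bytes"] += byts
    silent = [ifc for ifc in ifaces
              if totals[ifc]["rules"] and totals[ifc]["packets"] == 0]
    return totals, silent

if __name__ == "__main__":
    totals, silent = interface_counter_report(SAMPLE_IPFW_OUTPUT, ["vlan18", "em1"])
    print(totals)
    print("count rules with no hits on:", ", ".join(silent) or "none")
```

On a live box, feed it the real output (`ipfw -a list`) instead of the constructed sample; a vlan interface listed as silent while its parent accumulates counts reproduces the behaviour described above.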