From owner-freebsd-bugs@FreeBSD.ORG Mon Jan 16 01:00:19 2006
Message-Id: <200601160059.k0G0xocN084749@www.freebsd.org>
Date: Mon, 16 Jan 2006 00:59:50 GMT
From: Barry Murphy
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: misc/91847: ipfw with vlanX as the device

>Number:         91847
>Category:       misc
>Synopsis:       ipfw with vlanX as the device
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 16 01:00:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Barry Murphy
>Release:        FreeBSD 6.0-STABLE
>Organization:
>Environment:
FreeBSD firewall.unix.co.nz 6.0-STABLE FreeBSD 6.0-STABLE #6: Fri Jan 13 00:22:59 NZDT 2006 icepick@firewall.unix.co.nz:/usr/obj/usr/src/sys/FIREWALL i386
>Description:
I've found that ipfw doesn't appear to count or handle vlan traffic via ipfw. I need it specifically to count vlan traffic as I use a transparent proxy and need it to count all traffic including this.

Using iftop -i vlan18 I see the destination IP and source IP
Using iftop I see the source IP and transparent proxy IP and it's important I don't see the transparent IP but rather the IP external to the network.

|Internet| -- |Firewall| -- |Cisco 3500XL| -- |Network|
>How-To-Repeat:
The cisco has a trunked port on the cisco plugged into the firewall which has a few vlans, eg:

/sbin/ifconfig vlan18 create
/sbin/ifconfig vlan18 inet 60.234.x.x netmask 255.255.255.248 vlan 27 vlandev em1

I've then added an IPFW rule to count traffic going via vlan18 using all possible ways I can think of:

ipfw add count ip from any to any in via vlan18
ipfw add count ip from any to any in recv vlan18
ipfw add count ip from any to any in xmit vlan18

sysctl:
/sbin/sysctl net.link.ether.bridge_ipfw: 1
/sbin/sysctl net.inet.ip.fw.one_pass=0
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: