From owner-freebsd-questions@FreeBSD.ORG  Mon Dec  1 12:51:42 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DBD941065672
	for <freebsd-questions@freebsd.org>;
	Mon,  1 Dec 2008 12:51:42 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 5968E8FC16
	for <freebsd-questions@freebsd.org>;
	Mon,  1 Dec 2008 12:51:41 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
	by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id mB1Cpexl070958;
	Mon, 1 Dec 2008 23:51:40 +1100 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Mon, 1 Dec 2008 23:51:40 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Brett Davidson <brett@net24.co.nz>
In-Reply-To: <20081201120023.9E1821065688@hub.freebsd.org>
Message-ID: <20081201233222.L34249@sola.nimnet.asn.au>
References: <20081201120023.9E1821065688@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-questions@freebsd.org
Subject: Re: Is there anything weird I should know about using ipfw on alias
 addresses?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2008 12:51:42 -0000

On Mon, 01 Dec 2008 16:52:12 +1300 Brett Davidson <brett@net24.co.nz> wrote:

 > ifconfig shows the alias addresses correctly bound.
 > Creating an ipfw rule and testing it from the command line works 
 > (connects out from master address, not alias)
 > 
 >  From website on alias address, the firewall blocks the packets.
 >
 > The weird thing is that it tags them (in the security log) as coming 
 > from the master address (not the alias) out the correct interface. In a 
 > normal world that would mean the packet would match!!!!!
 > 
 > What's goin' on here Willis?

Difficult to tell without seeing a) ifconfig b) netstat -rn c) at least 
the relevant firewall rule/s and d) log entries that illustrate your 
problem.  Obscure sensitive information by all means, but otherwise 
pretend we haven't the slightest clue how your system is configured :)

cheers, Ian