From owner-freebsd-net@FreeBSD.ORG  Mon Aug 29 05:24:35 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BD24516A41F
	for <freebsd-net@freebsd.org>; Mon, 29 Aug 2005 05:24:35 +0000 (GMT)
	(envelope-from donatas@lrtc.net)
Received: from mail.lrtc.lt (pegasus.lrtc.lt [217.9.240.100])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DEF8943D46
	for <freebsd-net@freebsd.org>; Mon, 29 Aug 2005 05:24:34 +0000 (GMT)
	(envelope-from donatas@lrtc.net)
Received: (qmail 19677 invoked from network); 29 Aug 2005 05:22:09 -0000
Received: from p2p-241-242-ird.vln0.lrtc.net (HELO donatas)
	(d.gendvilas@[217.9.241.242]) (envelope-sender <donatas@lrtc.net>)
	by mail.lrtc.lt (qmail-ldap-1.03) with SMTP
	for <julian@elischer.org>; 29 Aug 2005 05:22:09 -0000
Message-ID: <004001c5ac59$eda111b0$9f90a8c0@donatas>
From: "Donatas" <donatas@lrtc.net>
To: "Julian Elischer" <julian@elischer.org>,
	<freebsd-net@freebsd.org>
References: <026001c59e7a$c6ca69c0$9f90a8c0@donatas>
	<42FBC0AE.8020803@elischer.org>
	<027701c59f02$0eb808a0$9f90a8c0@donatas>
	<42FCF148.5010400@elischer.org>
	<000d01c5a223$53799840$0500a8c0@donatas>
	<4306C04B.4010008@elischer.org>
Date: Mon, 29 Aug 2005 08:24:28 +0300
Organization: AB Lietuvos Radijo ir Televizijos Centras
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Cc: 
Subject: Re: routing problem (with corrected scheme)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Donatas <donatas@lrtc.net>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2005 05:24:35 -0000

Good morning,
after comprehensive tests I am glad to inform that your suggestions =
works just fine, so - thanks for help solving our problem.

Truth, i've got one question realated to the exampel rule below:
>ipfw add 1000 fwd ip4 ip from any to any out recv em0 xmit vlan{mumble}

After several tests i have recognized that localy generated packets =
(like icmp traffic) never matches this rule. The problem is in "xmit =
vlan{number}" part. Is it so because of different place of packet input? =
Transit packets come to firewall from ether_demux and passes the rule, =
while localy generated packets come to firewall from ip_input and fails =
on this rule? Using "pass" instead of "fwd" results in the same.


----- Original Message -----=20
From: "Julian Elischer" <julian@elischer.org>
To: "Donatas" <donatas@lrtc.net>
Sent: Saturday, August 20, 2005 8:31 AM
Subject: Re: routing problem (with corrected scheme)


> did my sugestion work?
>