From: Richard Puga
Reply-To: puga@mauibuilt.com
Organization: Maui Built Machines
Date: Sat, 24 Nov 2001 13:00:22 -1000
To: Dru
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW/VLAN
Message-ID: <3C002685.AE3A0D1@mauibuilt.com>
References: <20011124082416.R76925-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>

Yes, I do have the vlan entry in my kernel. I have tried it with and without.

The MTU of the fxp cards is set to its new default of 1500 (as of 4.4) and, curiously enough, cannot be set higher, as the maximum length of an Ethernet packet is 1518.

The bridge passes the 802.1q packets just fine and I can view them with tcpdump. It seems that ipfw ignores them, either treating them as a malformed Ethernet packet or one that is not IP. I'm not sure; that's just a guess.

Thanks for your reply

Richard Puga
puga@mauibuilt.com

Dru wrote:

> On Fri, 23 Nov 2001, Chuck Root wrote:
>
> > I am trying to use a FreeBSD box with 2 fxp NICs in it as a firewall
> > between 2 points on an 802.1q tagged vlan trunk.
> >
> > I am bridging the interfaces using the BRIDGING option in the kernel and
> > I am using ipfw to filter packets.
> >
> > The bridge and ipfw work fine with normal packets but the ones with
> > 802.1q tags slip right on by.
> >
> > Is there any way to do this?
> >
> > I have tried bridging the vlans themselves with no luck.
>
> Hi Richard,
>
> Do you have the following line in your kernel config file?
>
> pseudo-device vlan 2
>
> Also, what is the MTU on the fxps?
>
> HTH,
>
> Dru
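
Added example, not part of the original messages and not FreeBSD's ipfw or bridge code: a small Python parser showing how an 802.1Q tag moves the EtherType, so a check that reads only bytes 12-13 of a tagged frame sees 0x8100 rather than 0x0800 (IPv4). The thread does not confirm that this is what ipfw did here; the MAC addresses, VLAN ID 100 and payload are constructed sample values, and stacked (QinQ) tags are not handled.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag protocol identifier (TPID)


def naive_ethertype(frame: bytes) -> int:
    """Read the type field at the fixed untagged offset (bytes 12-13)."""
    return struct.unpack_from("!H", frame, 12)[0]


def parse_ethertype(frame: bytes):
    """Return (vlan_id or None, encapsulated ethertype, payload offset)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12
    vlan_id = None
    (etype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if etype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The 4-byte tag is the TPID plus 16 bits of tag control information;
        # the real ethertype follows it.
        tci, etype = struct.unpack_from("!HH", frame, offset)
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vlan_id, etype, offset


def build_frame(payload: bytes, vlan_id=None) -> bytes:
    """Constructed sample frame: made-up MACs, IPv4 ethertype, optional tag."""
    dst = bytes.fromhex("020000000001")
    src = bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack(
        "!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ETHERTYPE_IPV4) + payload


if __name__ == "__main__":
    payload = b"\x45" + bytes(19)  # constructed stand-in for an IPv4 header
    for label, frame in (("untagged", build_frame(payload)),
                         ("tagged", build_frame(payload, vlan_id=100))):
        vlan, etype, off = parse_ethertype(frame)
        print(f"{label}: naive=0x{naive_ethertype(frame):04x} "
              f"vlan={vlan} inner=0x{etype:04x} payload_at={off}")
```
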