From: "Steven Vetzal"
Subject: Dummynet & Bridging
Date: Sat, 17 Apr 1999 14:06:45 -0400
Message-ID: <000601be88fd$0ed07b00$7ffea8c0@blazer.pr1.on.wave.home.com>
Sender: owner-freebsd-net@FreeBSD.ORG

Greetings,

I've been having some fun trying to get dummynet working on a bridging configuration, and was wondering if what I'm trying to do is implemented. I'm doing this on 3.1-RELEASE.

I have a system set up as a bridge between a 100-Base-T and a 10-Base-T network, the bridging works great, and ipfw rules also seem to work fine through it. The trouble comes in when I try to use dummynet pipes.

I've been doing my testing with ping, and the two rules allow bi-directional icmp traffic through the bridge between two particular hosts (and I can tell the rules are used because the counters are incrementing each icmp packet sent):

    00600 1211 72660 allow ip from 192.168.254.1 to 192.168.254.132 out xmit mx0
    00620 1220 73200 allow ip from 192.168.254.132 to 192.168.254.1 out xmit xl0

Now that I know traffic is working great through the rules, I try adding a "pipe" rule higher up the chain to redirect the packets:

    ipfw add 500 pipe 1 ip from 192.168.254.1 to 192.168.254.132 out via mx0

The .132 host continues to ping, and tcpdump shows the packet hitting his side of the bridge, hitting the other side of the bridge, the .1 host response hitting the other side of the bridge, but the response doesn't get carried through the bridge back to the source host.

Now dummynet(4) says that the ipfw filter is invoked only once on a bridge, on the input path. But my attempt at:

    ipfw add 500 pipe 1 ip from 192.168.254.1 to 192.168.254.132 in via xl0

and all variations I can think of show no traffic flowing through the rule.

Now I'm sure I've got this all confused, but can't find documentation anywhere on how this stuff works... And I'm not even sure it's supposed to.

The reason I'm not sure it's supposed to work is because if I set up the following rules:

    00500 60 3600 pipe 1 ip from 192.168.254.8 to 192.168.254.132 out
    00510 16 960 pipe 2 ip from 192.168.254.132 to 192.168.254.8 in

I can ping the _bridge host_ and receive a response and the two rule counters increment as I figure they would. However, bridging has to be working to some degree because the interface I ping is not the one connected to this host! (The interface attached to my test host is unnumbered.)

Anyways, I'm thoroughly confused. Anyone out there have any resources or suggestions for me?

Steve
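
The counter-watching method used in the message above, as an added example that is not part of the original post: it compares two listings in the layout quoted there (rule number, packets, bytes, rule text) and reports which pipe rules matched nothing in between. Both snapshots are constructed, and the function names are this example's own.

```python
import re

# Constructed snapshots in the layout of the counters quoted in the post
# (rule number, packets, bytes, rule text); the values are made up.
BEFORE = """\
00500    0     0 pipe 1 ip from 192.168.254.1 to 192.168.254.132 in via xl0
00600 1211 72660 allow ip from 192.168.254.1 to 192.168.254.132 out xmit mx0
00620 1220 73200 allow ip from 192.168.254.132 to 192.168.254.1 out xmit xl0
"""
AFTER = """\
00500    0     0 pipe 1 ip from 192.168.254.1 to 192.168.254.132 in via xl0
00600 1221 73260 allow ip from 192.168.254.1 to 192.168.254.132 out xmit mx0
00620 1230 73800 allow ip from 192.168.254.132 to 192.168.254.1 out xmit xl0
"""

LINE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")

def parse(listing):
    """Map rule number -> (packets, bytes, rule text); skip non-rule lines."""
    rules = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            rules[int(m.group(1))] = (int(m.group(2)), int(m.group(3)), m.group(4))
    return rules

def deltas(before, after):
    """Per-rule (packets, bytes) growth between two snapshots.

    Rules absent from `before` count from zero; a counter that went
    backwards (rule re-added or counters zeroed) is reported as None.
    """
    old, new = parse(before), parse(after)
    out = {}
    for num, (pkts, byts, text) in sorted(new.items()):
        p0, b0, _ = old.get(num, (0, 0, ""))
        out[num] = (None if pkts < p0 else (pkts - p0, byts - b0), text)
    return out

def silent_pipes(before, after):
    """Rule numbers of pipe rules that matched nothing during the interval."""
    return [n for n, (d, text) in deltas(before, after).items()
            if text.startswith("pipe ") and d == (0, 0)]

if __name__ == "__main__":
    for num, (d, text) in deltas(BEFORE, AFTER).items():
        print(f"{num:05d} {d} {text}")
    print("pipe rules with no hits:", silent_pipes(BEFORE, AFTER))
```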