From: Richard Puga
Reply-To: puga@mauibuilt.com
Organization: Maui Built Machines
Date: Sat, 24 Nov 2001 14:57:49 -1000
To: Dru
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW/VLAN

The vlan traffic passes just fine. The problem is I can't get ipfw to block it.

If I do a tcpdump on fxp0 or fxp1 I see normal packets with simple 802.1Q #10 in them. It's these packets that ipfw ignores, hence my problem.

Thanks again for your reply

Richard Puga
puga@mauibuilt.com

PS: If I do a tcpdump on the vlan interfaces I set up on the bridge I get no traffic. All the traffic seems to go from fxp0 to fxp1, and if I tell ipfw to block all traffic from fxp0 to fxp1 the 802.1q packets still get through. I tried bridging fxp0 to vlan0 and fxp1 to vlan1 and vlan0 to vlan1 yada yada yada.... :)

Dru wrote:

> On Sat, 24 Nov 2001, Richard Puga wrote:
>
> > Yes I do have the vlan entry in my kernel. I have tried it with and without.
> >
> > The MTU of the fxp cards is set to its new default of 1500 (as of 4.4) and
> > curiously enough cannot be set higher, as the maximum length of an Ethernet
> > packet is 1518.
> >
> > The bridge passes the 802.1q packets just fine and I can view them with
> > tcpdump.
> >
> > It seems that ipfw ignores them, either treating them as a malformed
> > Ethernet packet or one that is not IP. I'm not sure, that's just a guess.
>
> Hi Richard,
>
> Keep the vlan stuff in your kernel as it's needed; the number after the
> pseudo-device represents how many vlans you want to support.
>
> You should then be able to ifconfig each virtual vlan interface. See "man
> ifconfig" and do a search for vlan as you have to set your vlan tag. An
> example of the syntax is also given in the updated todo section of number
> 3 here:
>
> http://www.euitt.upm.es/~pjlobo/fbsdvlan.old.html
>
> You'll probably have to adjust your ipfw ruleset to accommodate these
> virtual interfaces so you might want to turn off the firewall first to see
> if you can pass the traffic, then adjust your ruleset accordingly.
>
> Good luck,
>
> Dru
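The guess in the thread is that the tagged frames are treated as "not IP". The following is an added illustration, not part of the original messages and not FreeBSD's bridge or ipfw code: it shows how a classifier that reads only the EtherType at offset 12 stops seeing IPv4 once an 802.1Q tag is inserted, next to a tag-aware check. The frames are constructed, and VLAN ID 10 assumes the "#10" in the message is the VLAN ID.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_VLAN 0x8100 /* 802.1Q tag protocol identifier */

/* Constructed sample frames: zeroed MACs, a minimal 20-byte IPv4 header. */
const uint8_t FRAME_UNTAGGED[34] = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00, 0x45 };
const uint8_t FRAME_TAGGED[38] = {          /* same frame inside VLAN 10 */
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x81,0x00, 0x00,0x0a, 0x08,0x00, 0x45 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Tag-unaware check: only the 16 bits at offset 12 decide "is this IP?". */
int naive_is_ipv4(const uint8_t *f, size_t len) {
    return len >= 14 && be16(f + 12) == ETHERTYPE_IPV4;
}

/* VLAN ID carried in the frame, or -1 when the frame is untagged. */
int vlan_id(const uint8_t *f, size_t len) {
    if (len < 18 || be16(f + 12) != ETHERTYPE_VLAN) return -1;
    return be16(f + 14) & 0x0FFF; /* low 12 bits of the tag control field */
}

/* Tag-aware check: offset of the IPv4 header, or -1 if none is found. */
int ipv4_offset(const uint8_t *f, size_t len) {
    size_t type_at = 12;
    if (len < 14) return -1;
    if (be16(f + type_at) == ETHERTYPE_VLAN) type_at += 4; /* skip one tag */
    if (len < type_at + 2 + 20) return -1;       /* room for an IPv4 header */
    if (be16(f + type_at) != ETHERTYPE_IPV4) return -1;
    if ((f[type_at + 2] >> 4) != 4) return -1;    /* IP version nibble */
    return (int)(type_at + 2);
}

int main(void) {
    printf("untagged: naive=%d offset=%d vlan=%d\n",
           naive_is_ipv4(FRAME_UNTAGGED, sizeof FRAME_UNTAGGED),
           ipv4_offset(FRAME_UNTAGGED, sizeof FRAME_UNTAGGED),
           vlan_id(FRAME_UNTAGGED, sizeof FRAME_UNTAGGED));
    printf("tagged:   naive=%d offset=%d vlan=%d\n",
           naive_is_ipv4(FRAME_TAGGED, sizeof FRAME_TAGGED),
           ipv4_offset(FRAME_TAGGED, sizeof FRAME_TAGGED),
           vlan_id(FRAME_TAGGED, sizeof FRAME_TAGGED));
    return 0;
}
```

The tag also moves the IP header from offset 14 to offset 18, so any filter that matches on fixed offsets has to account for the extra 4 bytes.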