From owner-freebsd-ipfw Wed Dec 1 14:45: 4 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from ns.itga.com.au (ns.itga.com.au [192.83.119.129])
    by hub.freebsd.org (Postfix) with ESMTP id 7EB6614E12
    for ; Wed, 1 Dec 1999 14:44:58 -0800 (PST)
    (envelope-from gnb@itga.com.au)
Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20])
    by ns.itga.com.au (8.9.3/8.9.3) with ESMTP id JAA24628
    for ; Thu, 2 Dec 1999 09:44:56 +1100 (EST)
    (envelope-from gnb@itga.com.au)
Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20])
    by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id JAA01083;
    Thu, 2 Dec 1999 09:44:55 +1100 (EST)
Message-Id: <199912012244.JAA01083@lightning.itga.com.au>
X-Mailer: exmh version 2.0.1 12/23/97
From: Gregory Bond
To: freebsd-ipfw@FreeBSD.ORG
Subject: ipfw and ip aliases not working?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 02 Dec 1999 09:44:55 +1100
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Either I'm very confused (not impossible!!) or IPFW is busted.

I have an interface with 2 ip addresses (we are in the process of changing ISPs...)

bash-2.03$ ifconfig fxp0
fxp0: flags=8843 mtu 1500
        inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
        inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
        ether 00:90:27:4c:ea:bc
        media: autoselect (10baseT/UTP) status: active
        supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP
bash-2.03$

I have ipfw rules that are supposed to allow any arbitrary incoming & outgoing
tcp sessions to this host on either IP address:

15000   13   604 allow tcp from any to 192.83.119.129 via fxp0 setup
15100  869 38236 allow tcp from 192.83.119.129 to any via fxp0 setup
15800    0     0 allow tcp from any to 203.53.40.210 via fxp0 setup
15900    0     0 allow tcp from 203.53.40.210 to any via fxp0 setup
29000    2    80 deny log tcp from any to any setup

As you can see, this works for the 192.83 address, but does not work for the
203.53 address, and I get kernel messages like:

Dec 2 09:16:06 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0
Dec 2 09:16:11 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0

But AFAICT this error message exactly matches rule 15800!

[The same thing is also happening with UDP packets.]

Any clues?

Greg.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
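
An added example, not part of the original message: a Python check that replays the logged packet against the `ipfw show` rule list above and compares the host addresses named in the rules with the addresses `ifconfig` reports. The data is copied from the message; the parser is a simplification that reads only the `action [log] proto from X to Y` form seen there and ignores `via` and `setup`.

```python
import re

# Data copied from the message above (counters and addresses as posted).
IFCONFIG = """\
inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
"""
RULES = """\
15000 13 604 allow tcp from any to 192.83.119.129 via fxp0 setup
15100 869 38236 allow tcp from 192.83.119.129 to any via fxp0 setup
15800 0 0 allow tcp from any to 203.53.40.210 via fxp0 setup
15900 0 0 allow tcp from 203.53.40.210 to any via fxp0 setup
29000 2 80 deny log tcp from any to any setup
"""
LOG = "ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0"

RULE_RE = re.compile(r"^(\d+)\s+\d+\s+\d+\s+(allow|deny)(?: log)? (\w+) from (\S+) to (\S+)")
LOG_RE = re.compile(r"ipfw: (\d+) \w+ (\w+) ([\d.]+):\d+ ([\d.]+):\d+")

def local_addrs(ifconfig):
    """Addresses configured on the interface, from the 'inet' lines."""
    return set(re.findall(r"inet ([\d.]+)", ifconfig))

def parse_rules(text):
    """Simplified parser: returns (number, action, proto, src, dst) per rule."""
    return [(int(m[1]), m[2], m[3], m[4], m[5])
            for m in map(RULE_RE.match, text.splitlines()) if m]

def first_match(rules, proto, src, dst):
    """Number of the first rule whose proto/src/dst match the packet (first match wins)."""
    for num, _action, rproto, rsrc, rdst in rules:
        if rproto == proto and rsrc in ("any", src) and rdst in ("any", dst):
            return num
    return None

def foreign_rule_addrs(rules, local):
    """Rules naming a host address that is not configured on the interface."""
    return [(num, a) for num, _, _, s, d in rules
            for a in (s, d) if a != "any" and a not in local]

if __name__ == "__main__":
    rules, local = parse_rules(RULES), local_addrs(IFCONFIG)
    hit, proto, src, dst = LOG_RE.search(LOG).groups()
    print("logged rule:", hit, "first match:", first_match(rules, proto.lower(), src, dst))
    for num, addr in foreign_rule_addrs(rules, local):
        print(f"rule {num}: {addr} is not an address on the interface {sorted(local)}")
```

On the posted data the packet to 202.53.40.210 first matches rule 29000, and rules 15800 and 15900 are reported because they name 203.53.40.210, which is not one of the two addresses `ifconfig` lists.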