Date: Fri, 28 Nov 2003 11:21:20 +0100 From: Robert Krasicki <robert@toudi.cisovanet.pl> To: freebsd-ipfw@freebsd.org Subject: bridge problem Message-ID: <20031128102120.GB34837@toudi.cisovanet.pl>
Hello,
I have a problem with bridge & outgoing traffic.
Exactly, I can't get ipfw controlling my outgoing traffic from
box acting as a router.
e.g.
My external net: 219.122.12.144/28
FreeBSD box router IP: 219.122.12.146 (see ifconfig below)
Rules:
---
ipfw add 100 allow ip from not 219.122.12.144/28 to me in
(the above one works fine). I am able to control incoming traffic.
ipfw add 101 allow ip from me to any out
(ipfw is ignoring this rule; no traffic is controlled by this one)
ipfw add 102 allow ip from 219.122.12.144/28 to not 219.122.12.144/28 out
(Failed; ipfw is ignoring this rule too. By this rule I meant to
control traffic from bridged LAN users to the Internet.)
I found out that I can achieve the same by:
ipfw add 102 allow ip from 219.122.12.144/28 to not 219.122.12.144/28 in via bge0
(It works, so now I control incoming traffic from users via bge0.)
other rules go here ...
The rules are in order as I wrote above.
Rule #100 is the first rule (excluding the lo ones).
That's OK, but what if I want to control the outgoing traffic from (e.g.) a web service
on 219.122.12.146?
My settings are as follows:
OS:
---
FreeBSD box.foo.com 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #1:
Sysctls:
---
net.inet.ip.fw.one_pass: 1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge_ipfw_drop: 0
net.link.ether.bridge_ipfw_collisions: 0
net.link.ether.ipfw: 1
net.link.ether.bridge_cfg: bge0:1,ed0:1
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge_ipf: 0
net.link.ether.bridge_ipfw_drop: 0
net.link.ether.bridge_ipfw_collisions: 0
Kernel options:
---
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=200
options IPDIVERT
options DUMMYNET
options HZ=1000
options IPFIREWALL_DEFAULT_TO_ACCEPT
ed0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet6 ff80::2d1:23ff:feef:3ad1%ed0 prefixlen 64 scopeid 0x1
inet 219.122.12.146 netmask 0xfffffff0 broadcast 219.122.12.159
inet 219.122.12.149 netmask 0xffffffff broadcast 219.122.12.149
ether 00:c0:26:ef:3a:d4
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet6 fe80::20c:6eff:fe0f:7a6b%bge0 prefixlen 64 scopeid 0x2
ether 00:0c:6e:0f:7a:6b
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
Thank you for your help!
Best Regards,
Jarek
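As an added example (not code from the post, and not FreeBSD's ipfw itself), the following Python script models ipfw's first-match evaluation for the subset of rule syntax used above: `from`/`to` with `any`, `me`, `not` and CIDR blocks, plus `in`/`out` and `via`. It replays both versions of rule 102 from the post against constructed packets. The bridged LAN packet is presented the way the working rule implies, once, inbound, via bge0, so the `out` variant never sees it and the packet falls through to the default rule. The router's own addresses come from the ifconfig output in the post; the remote addresses 203.0.113.5 and 198.51.100.7 are constructed documentation addresses, and the one-inbound-pass model of bridged traffic is an assumption taken from the post's observation, not from the bridge code.

```python
"""Toy first-match evaluator for a subset of ipfw(8) rule syntax.

Added example; not code from the original post and not FreeBSD's ipfw.
Supported form:  ipfw add N ACTION ip from SRC to DST [in|out] [via IFACE]
where SRC/DST are `any`, `me`, a CIDR block, or `not` followed by one of those.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Addresses configured on the router in the post's ifconfig output.
MY_ADDRS = {ipaddress.ip_address("219.122.12.146"),
            ipaddress.ip_address("219.122.12.149")}

# The two rule sets from the post: the `out` form of rule 102 that was
# reported as never matching, and the `in via bge0` form that worked.
RULESET_OUT = [
    "ipfw add 100 allow ip from not 219.122.12.144/28 to me in",
    "ipfw add 101 allow ip from me to any out",
    "ipfw add 102 allow ip from 219.122.12.144/28 to not 219.122.12.144/28 out",
]
RULESET_IN_VIA = [
    "ipfw add 100 allow ip from not 219.122.12.144/28 to me in",
    "ipfw add 101 allow ip from me to any out",
    "ipfw add 102 allow ip from 219.122.12.144/28 to not 219.122.12.144/28 in via bge0",
]
DEFAULT_RULE = 65535  # the post's kernel has IPFIREWALL_DEFAULT_TO_ACCEPT


@dataclass
class Rule:
    number: int
    action: str
    src: str            # "any", "me", a CIDR, optionally prefixed with "not "
    dst: str
    direction: Optional[str]   # "in", "out", or None (matches both)
    via: Optional[str]         # interface name, or None (matches any)


@dataclass
class Packet:
    src: str
    dst: str
    direction: str      # how ipfw sees it: "in" or "out"
    iface: str          # interface the packet is seen on


def _read_addr(tokens: List[str], i: int):
    """Read one address spec starting at tokens[i]; return (spec, next index)."""
    if tokens[i] == "not":
        return "not " + tokens[i + 1], i + 2
    return tokens[i], i + 1


def parse_rule(line: str) -> Rule:
    """Parse one `ipfw add ...` command line into a Rule."""
    t = line.split()
    if t[:2] != ["ipfw", "add"] or t[4:6] != ["ip", "from"]:
        raise ValueError(f"unsupported rule line: {line}")
    number, action = int(t[2]), t[3]
    src, i = _read_addr(t, 6)
    if t[i] != "to":
        raise ValueError(f"expected 'to' in: {line}")
    dst, i = _read_addr(t, i + 1)
    direction = via = None
    while i < len(t):
        if t[i] in ("in", "out"):
            direction, i = t[i], i + 1
        elif t[i] == "via":
            via, i = t[i + 1], i + 2
        else:
            raise ValueError(f"unsupported option {t[i]!r} in: {line}")
    return Rule(number, action, src, dst, direction, via)


def addr_matches(spec: str, addr: ipaddress.IPv4Address) -> bool:
    """Evaluate an address spec (`any`, `me`, CIDR, with optional `not`)."""
    negate = spec.startswith("not ")
    spec = spec[4:] if negate else spec
    if spec == "any":
        hit = True
    elif spec == "me":
        hit = addr in MY_ADDRS
    else:
        hit = addr in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def first_match(rules: List[Rule], pkt: Packet) -> int:
    """Return the number of the first rule that matches, or the default rule."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in sorted(rules, key=lambda r: r.number):
        if r.direction and r.direction != pkt.direction:
            continue
        if r.via and r.via != pkt.iface:
            continue
        if addr_matches(r.src, s) and addr_matches(r.dst, d):
            return r.number
    return DEFAULT_RULE


# Constructed sample packets (documentation addresses for the remote side).
INTERNET_TO_ROUTER = Packet("203.0.113.5", "219.122.12.146", "in", "ed0")
# Assumption: a bridged LAN packet is seen once, inbound, on the receiving interface.
LAN_USER_BRIDGED = Packet("219.122.12.150", "198.51.100.7", "in", "bge0")
ROUTER_OWN_OUT = Packet("219.122.12.146", "198.51.100.7", "out", "ed0")

if __name__ == "__main__":
    for name, lines in (("out form", RULESET_OUT), ("in via form", RULESET_IN_VIA)):
        rules = [parse_rule(l) for l in lines]
        for pkt in (INTERNET_TO_ROUTER, LAN_USER_BRIDGED, ROUTER_OWN_OUT):
            print(f"{name:12} {pkt.src:>16} -> {pkt.dst:<16} {pkt.direction} via {pkt.iface}: "
                  f"rule {first_match(rules, pkt)}")
```

Run it as-is to see that, under this model, the Internet-to-router packet hits rule 100 in both sets, the bridged LAN packet reaches rule 102 only in the `in via bge0` set and otherwise falls to rule 65535, and the router's own outbound packet is accepted by rule 101. The model encodes only rule-ordering and address/direction/interface matching, so it does not reproduce the behaviour the post reports for rule 101 on a bridging host; it is meant for reasoning about which rule a given packet presentation would reach.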
