From owner-freebsd-ipfw@FreeBSD.ORG  Mon Sep 15 12:31:35 2003
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 311A016A4BF
	for <freebsd-ipfw@freebsd.org>; Mon, 15 Sep 2003 12:31:35 -0700 (PDT)
Received: from mail.cta.ro (mail.cta.ro [217.156.120.17])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 761BB43F93
	for <freebsd-ipfw@freebsd.org>; Mon, 15 Sep 2003 12:31:32 -0700 (PDT)
	(envelope-from daniel@guitar.ro)
Received: from COSTI ([217.73.166.72])
	by mail.cta.ro (8.11.6/8.11.6) with SMTP id h8FJWYt17677
	for <freebsd-ipfw@freebsd.org>; Mon, 15 Sep 2003 22:32:35 +0300
MIME-Version: 1.0
Message-Id: <3F661392.000001.01980@COSTI>
Date: Mon, 15 Sep 2003 22:31:30 +0300 (E. Europe Daylight Time)
Content-Type: Multipart/related;
  type="multipart/alternative";
  boundary="------------Boundary-00=_IWS9QL80000000000000"
X-Mailer: IncrediMail 2001 (1850924)
From: "daniel@guitar.ro" <daniel@guitar.ro>
References: <3F65F83E.2050908@tenebras.com>
X-FID: BA285063-5BCE-11D4-AF8D-0050DAC67E11
X-FVER: 
X-FIT: 
X-FCOL: 
X-FCAT: 
X-FDIS: 
X-BG: <564A579D-CC9A-4396-9D6E-C61FA7BCFA8D>
X-BGT: repeat
X-BGC: #eff3f7
X-BGPX: left
X-BGPY: 0px
X-ASN: ANIM3D00-NONE-0000-0000-000000000000
X-ASNF: 0
X-ASH: ANIM3D00-NONE-0000-0000-000000000000
X-ASHF: 1
X-AN: 6486DDE0-3EFD-11D4-BA3D-0050DAC68030
X-ANF: 0
X-AP: 6486DDE0-3EFD-11D4-BA3D-0050DAC68030
X-APF: 1
X-AD: C3C52140-4147-11D4-BA3D-0050DAC68030
X-ADF: 0
X-AUTO: X-ASN,X-ASH,X-AN,X-AP,X-AD
X-CNT: ;
X-Priority: 3
To: <freebsd-ipfw@freebsd.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: Re: ipfw2
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2003 19:31:35 -0000


--------------Boundary-00=_IWS9QL80000000000000
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Another issue : is ipfw / ipfw2 not working with "fwd" if the computer is
acting as a bridge?=0D
=0D
[bridge /]7# sysctl -a | grep ipfw=0D
net.link.ether.bridge_ipfw: 1=0D
net.link.ether.bridge_ipfw_drop: 0=0D
net.link.ether.bridge_ipfw_collisions: 0=0D
net.link.ether.ipfw: 1=0D
[bridge /]8#=0D
=0D
[bridge /]9# ipfw -a l | grep 193.213.153=0D
00010              0                     0 fwd 217.156.120.41 ip from 193
213.153.0/24 to any=0D
00011        3805         172520 deny tcp from 193.213.153.0/24 to any =0D
[bridge /]10#=0D
=0D
[bridge /]9# uname -a=0D
FreeBSD bridge.something.net 5.1-RELEASE FreeBSD 5.1-RELEASE #5: Wed Aug =
20
01:25:19 EEST 2003     root@bridge.something.net:/usr/src/sys
altq/i386/compile/SMP  i386=0D
[bridge /]10#=0D
=0D
=0D
So, the first rule doesn't work, the second works. Why's that ?=0D
=0D
=0D
Dan Caescu=0D
 =0D
-------Original Message-------=0D
 =0D
From: Michael Sierchio=0D
Date: Monday, September 15, 2003 8:36:46 PM=0D
To: Sean Hafeez=0D
Cc: freebsd-ipfw@freebsd.org=0D
Subject: Re: ipfw2=0D
 =0D
Sean Hafeez wrote:=0D
> I am having a hard time figuring something out about IPFW2. I am =0D
> currently using a built of 4.8 with IPFW and DUMMYNET as a rateshapping=
 =0D
> router. I have tried to build a kernel with the IPFW2 options but then =
I =0D
> seem to have issues with using DUMMYNET. The ipfw pipe comments give =0D
> errors and core dumps. Am I missing something?=0D
=0D
USING IPFW2 IN FreeBSD-STABLE=0D
ipfw2 is standard in FreeBSD CURRENT, whereas FreeBSD STABLE still uses=0D
ipfw1 unless the kernel is compiled with options IPFW2, and /sbin/ipfw=0D
and /usr/lib/libalias are recompiled with -DIPFW2 and reinstalled (the=0D
same effect can be achieved by adding IPFW2=3DTRUE to /etc/make.conf befo=
re=0D
a buildworld).=0D
=0D
# echo "IPFW2=3D YES" >> /etc/make.conf=0D
# cd /usr/src/lib/libalias=0D
# make clean && make && make install && make clean=0D
# cd /usr/src/sbin/ipfw=0D
# make clean && make && make install && make clean=0D
=0D
-- =0D
=0D
"Well," Brahma said, "even after ten thousand explanations, a fool is no=0D
wiser, but an intelligent man requires only two thousand five hundred."=0D
- The Mahabharata=0D
=0D
_______________________________________________=0D
freebsd-ipfw@freebsd.org mailing list=0D
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw=0D
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"=0D
=2E=20
--------------Boundary-00=_IWS9QL80000000000000--