Date: Tue, 3 Jul 2007 08:52:39 -0700 (PDT)
From: Dave McCammon <davemac11@yahoo.com>
To: questions@freebsd.org
Subject: if_bridge and ipfw
Message-ID: <531110.80275.qm@web32803.mail.mud.yahoo.com>

I can't seem to grasp why this is working differently.

FreeBSD 6.2 using ipfw + if_bridge

    LAN -- em1(if_bridge + ipfw)em0 -- internet

So I am at 10.10.16.6 and try to ping, say, www.yahoo.com.

In ruleset:

    1100 allow icmp from any to 10.10.16.0/27{1-10,13,14,19,22,23} icmptypes 0,3,11,12,13,14
    2100 allow ip from 10.10.16.0/27 to any in via em1

gets dropped by the following rule, as shown in the logs:

    4700 deny log ip from any to any

Log entry:

    ipfw: 4700 Deny ICMP:8.0 10.10.16.6 69.147.114.210 out via em0

If I add this rule, all works great:

    2101 allow icmp from 10.10.16.6 to any icmptypes 8

My confusion is: shouldn't the icmp be allowed in rule 2100? Or is it that with if_bridge I have to make a rule for both interfaces?

The rule "2100 allow ip from 10.10.16.0/27 to any in via em1" allowed the icmp passage out of em0 through the bridge in 6.2 using bridge(4).

This entire ruleset is the same with if_bridge as has been working with bridge(4). I just moved to if_bridge since bridge(4) is obsolete.

Thanks for your help.

dave
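
Added example, not part of the original message and not ipfw's own code: a small Python model of the four rules quoted above, evaluated first-match against the packet from the log entry. It assumes the packet is checked once inbound on em1 and once outbound on em0 (the latter is the pass the log line reports); all function and variable names are illustrative.

```python
import ipaddress

LAN = ipaddress.ip_network("10.10.16.0/27")
SET_1100 = set(range(1, 11)) | {13, 14, 19, 22, 23}  # the {..} address set of rule 1100

def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN

def in_set_1100(addr):
    a = ipaddress.ip_address(addr)
    return a in LAN and int(a) - int(LAN.network_address) in SET_1100

def build_ruleset(with_2101=False):
    """Constructed model of the rules quoted in the message, in rule-number order."""
    rules = [
        (1100, "allow", lambda p: p["proto"] == "icmp" and in_set_1100(p["dst"])
                                  and p["icmptype"] in {0, 3, 11, 12, 13, 14}),
        (2100, "allow", lambda p: in_lan(p["src"])
                                  and p["dir"] == "in" and p["via"] == "em1"),
        (4700, "deny", lambda p: True),
    ]
    if with_2101:
        rules.insert(2, (2101, "allow", lambda p: p["proto"] == "icmp"
                         and p["src"] == "10.10.16.6" and p["icmptype"] == 8))
    return rules

def first_match(rules, pkt):
    """First matching rule decides, as in the ruleset shown."""
    for number, action, matches in rules:
        if matches(pkt):
            return number, action

def evaluate(rules, pkt, passes):
    """Run the ruleset once per (direction, interface) pass; a deny ends the trip."""
    trace = []
    for direction, iface in passes:
        number, action = first_match(rules, dict(pkt, dir=direction, via=iface))
        trace.append((direction, iface, number, action))
        if action == "deny":
            break
    return trace

# Packet taken from the log entry: ICMP type 8, 10.10.16.6 -> 69.147.114.210.
ECHO = {"proto": "icmp", "icmptype": 8, "src": "10.10.16.6", "dst": "69.147.114.210"}
# Assumption: one pass inbound on em1, one outbound on em0 (the pass the log shows).
PASSES = [("in", "em1"), ("out", "em0")]

if __name__ == "__main__":
    for label, rs in (("as posted", build_ruleset()), ("with 2101", build_ruleset(True))):
        print(label, evaluate(rs, ECHO, PASSES))
```

In this model rule 2100 carries "in via em1", so it cannot match the "out via em0" pass and the packet falls through to 4700. Rule 2101 has no direction or interface qualifier, so it matches on either pass.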