From: Nicolargo
To: freebsd-ipfw@freebsd.org
Date: Wed, 9 May 2007 00:37:05 -0700 (PDT)
Subject: Re: IPFW + Bridge + Routing

PC1: Default route to 172.18.0.254
PC3: Default route to 172.16.1.2
Firewall: Default route to 172.18.0.100 (router to Internet)

Thanks for your help.

Sarkhan Elkhanzade wrote:
>
> On Thu, 2007-05-03 at 05:11 -0700, Nicolargo wrote:
>> Hi all,
>>
>> here is my configuration:
>>
>>       PC3
>>        |
>>        |
>>       FW
>>      /  \
>>     /    \
>>   PC1    PC2
>>
>> FW: FreeBSD 6.2
>> Interface PC1 and PC2: bridged (172.18.0.254)
>> Interface PC3: Routed (172.16.1.2)
>> PC1: 172.18.0.1
>> PC2: 172.18.0.2
>> PC3: 172.16.1.1
>>
>> Ipfw:
>> ipfw add 1 allow ip from any to any MAC any any
>> ipfw add 2 allow ip from any to any
>>
>> Bridge:
>> net.link.ether.bridge_cfg:
>> net.link.ether.bridge_ipfw: 0
>> net.link.ether.bridge_ipf: 0
>> net.link.ether.bridge.config:
>> net.link.ether.bridge.enable: 1
>> net.link.ether.bridge.predict: 1250
>> net.link.ether.bridge.dropped: 0
>> net.link.ether.bridge.packets: 1294
>> net.link.ether.bridge.ipfw_collisions: 0
>> net.link.ether.bridge.ipfw_drop: 0
>> net.link.ether.bridge.copy: 0
>> net.link.ether.bridge.ipfw: 0
>> net.link.ether.bridge.ipf: 0
>> net.link.ether.bridge.debug: 0
>> net.link.ether.bridge.version: 031224
>> net.link.bridge.ipfw: 1
>> net.link.bridge.pfil_member: 1
>> net.link.bridge.pfil_bridge: 1
>> net.link.bridge.ipfw_arp: 0
>> net.link.bridge.pfil_onlyip: 1
>>
>> rc.conf:
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm bge0 addm em0 up"
>> ifconfig_bge0="inet 172.18.0.254 netmask 255.255.255.0"
>> ifconfig_em0="up"
>> ifconfig_em2="inet 172.16.1.2 netmask 255.255.255.0"
>> firewall_enable="YES"
>> firewall_script="/etc/ipfw.rules"
>>
>> The problem is the following:
>> PING PC1 -> PC2: OK
>> PING PC2 -> PC1: OK
>> PING FW -> ANY: OK
>> PING PC1 -> PC3: NOK
>> PING PC2 -> PC3: NOK
>> PING PC3 -> ANY: NOK
>>
>> During a PING between PC1 and PC3, a tcpdump on the em2 interface shows:
>> 14:10:43.564010 IP 172.18.0.1 > 172.16.1.1: ICMP echo request, id 34831, seq 7993, length 64
>> 14:10:43.564687 IP 172.16.1.1 > 172.18.0.1: ICMP echo reply, id 34831, seq 7993, length 64
>>
>> but the reply packet is lost in the firewall and never redirected to the
>> bridge0 interface...
>> Any idea?
>>
>> Nicolas
>>
> Post here
> "#route print" on FW PC3 PC1