From: Luigi Rizzo
To: CHOI Junho
Cc: freebsd-net@FreeBSD.ORG, cjh@FreeBSD.ORG
Date: Tue, 22 Oct 2002 11:27:47 -0700
Subject: Re: bridge + ipfw fwd?
Message-ID: <20021022112747.B33933@carp.icir.org>

layer-2 forward is not supported, and the reason is that
forwarding occurs at a different layer.

One way to implement this feature is the following:

+ in bdg_forward(), when a packet matches a "forward" action,
  somehow mark the packet as having a local destination
  (e.g. overwrite the MAC DST address) and pass it to ether_input

this requires a bit of care to avoid loops, I think.

cheers
luigi

On Tue, Oct 22, 2002 at 06:36:26PM +0900, CHOI Junho wrote:
>
> Hi,
>
> I found packet forwarding by 'ipfw fwd' doesn't work for bridged
> configuration - linking 2 ethernet cards. I use bridged firewall for
> our office network, I tried to configure transparent proxy in the
> level of firewall.
>
> I looked the code contains bdg_forward() in sys/, but I found only it
> is not implemented at least in 4.7. Is there any patches for
> implementing it or still it is to-do features? Or do we have a
> reason why bridge+ipfw fwd is impossible?
>
> p.s. Please keep me on Cc:.
>
> --
> CHOI Junho
> FreeBSD Project Web Data Bank
> Key fingerprint = 1369 7374 A45F F41A F3C0 07E3 4A01 C020 E602 60F5
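
Added example, not part of the message above and not FreeBSD kernel code: a userspace C model of the approach the reply sketches (on a "forward" match, overwrite the MAC DST address, re-inject the frame, and guard against loops). Every `model_*` name, the `fwd_marked` flag, the MAC addresses and the assumption that a re-injected frame is offered to the bridge again are illustrative choices made for this example.

```c
/* Userspace model; every model_* name is hypothetical, not a FreeBSD kernel API. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN   6
#define MAX_DEPTH 8   /* model-only bound so an unguarded loop terminates */

enum verdict { V_BRIDGED, V_LOCAL, V_LOOP };
struct frame {
    uint8_t  dst[MAC_LEN];
    uint16_t dport;      /* TCP destination port, pre-parsed for brevity */
    bool     fwd_marked; /* set once the "forward" rewrite has been applied */
};
static const uint8_t MODEL_MY_MAC[MAC_LEN]   = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
static const uint8_t MODEL_PEER_MAC[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x02}; /* constructed */

/* Constructed rule, standing in for: ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 */
static bool model_fwd_match(const struct frame *f) { return f->dport == 80; }

/* Bridge step. Assumption: the input path hands every frame back to the bridge,
 * so re-injection is modelled as a recursive call. */
static enum verdict model_bridge(struct frame *f, bool use_mark, int depth)
{
    if (depth >= MAX_DEPTH)
        return V_LOOP;                        /* frame kept re-entering the bridge */
    if (use_mark && f->fwd_marked)
        return V_LOCAL;                       /* already rewritten: deliver, skip the firewall */
    if (!model_fwd_match(f))
        return V_BRIDGED;                     /* no fwd match: plain layer-2 forwarding */
    memcpy(f->dst, MODEL_MY_MAC, MAC_LEN);    /* mark as having a local destination */
    f->fwd_marked = true;
    return model_bridge(f, use_mark, depth + 1);
}

/* Run one constructed frame, addressed to the peer, through the model. */
static enum verdict model_run(struct frame *f, uint16_t dport, bool use_mark)
{
    memset(f, 0, sizeof *f);
    memcpy(f->dst, MODEL_PEER_MAC, MAC_LEN);
    f->dport = dport;
    return model_bridge(f, use_mark, 0);
}

int main(void)
{
    struct frame f;
    printf("%d %d %d\n", model_run(&f, 80, true), model_run(&f, 22, true), model_run(&f, 80, false));
}
```

With the mark honoured, the port-80 frame is rewritten once and delivered locally; with the mark ignored, the same frame re-matches the rule on every pass until the model's depth bound reports a loop.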