Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 Dec 1999 01:37:29 +0100
From:      Eric Cholet <cholet@logilune.com>
To:        Gregory Bond <gnb@itga.com.au>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw and ip aliases not working?
Message-ID:  <99120201385000.08115@antigone.logilune.com>
References:  <199912012244.JAA01083@lightning.itga.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help 

ifconfig output uses 202.53.40.215
ipfw output uses     203.53.40.215
                       ^

:-)
Eric

On Wed, 01 Dec 1999, Gregory Bond wrote:
> Either I'm very confused (not impossible!!) or IPFW is busted.
> 
> I have an interface with 2 ip addresses (we are in the process of changing 
> ISPs...)
> 
> bash-2.03$ ifconfig fxp0
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.83.119.129 netmask 0xfffffff0 broadcast 192.83.119.143
>         inet 202.53.40.210 netmask 0xfffffff8 broadcast 202.53.40.215
>         ether 00:90:27:4c:ea:bc 
>         media: autoselect (10baseT/UTP) status: active
>         supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
> bash-2.03$ 
> 
> I have ipfw rules that are supposed to allow any arbitrary incoming & outgoing
> tcp sessions to this host on either IP address:
> 
> 	15000    13      604 allow tcp from any to 192.83.119.129 via fxp0 setup
> 	15100   869    38236 allow tcp from 192.83.119.129 to any via fxp0 setup
> 	
> 	15800     0        0 allow tcp from any to 203.53.40.210 via fxp0 setup
> 	15900     0        0 allow tcp from 203.53.40.210 to any via fxp0 setup
> 
> 	29000     2       80 deny log tcp from any to any setup
> 
> As you can see, this works for the 192.83 address, but does not work for the 
> 203.53 address, and I get kernel messages like:
> 
> 	Dec  2 09:16:06 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0
> 	Dec  2 09:16:11 ns /kernel: ipfw: 29000 Deny TCP 192.160.13.9:4251 202.53.40.210:25 in via fxp0
> 
> But AFAICT this error message exactly matches rule 15800!
> 
> [The same thing is also happening with UDP packets.]
> 
> Any clues?
> 
> Greg.
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
--
Eric Cholet


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99120201385000.08115>