From owner-freebsd-net@FreeBSD.ORG Wed Aug 31 08:26:23 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD03B16A41F for ; Wed, 31 Aug 2005 08:26:23 +0000 (GMT) (envelope-from julian@elischer.org) Received: from smirk.idiom.com (smirk.idiom.com [216.240.32.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D98043D48 for ; Wed, 31 Aug 2005 08:26:23 +0000 (GMT) (envelope-from julian@elischer.org) Received: from squirrelmail.idiom.com (smirk [127.0.0.1]) by smirk.idiom.com (Postfix) with ESMTP id 54EB0AEA759; Wed, 31 Aug 2005 01:26:23 -0700 (PDT) Received: from 216.240.32.1 (proxying for 62.68.178.236) (SquirrelMail authenticated user julian) by smirk.idiom.com with HTTP; Wed, 31 Aug 2005 01:26:23 -0700 (PDT) Message-ID: <3604.216.240.32.1.1125476783.squirrel@smirk.idiom.com> In-Reply-To: <004001c5ac59$eda111b0$9f90a8c0@donatas> References: <026001c59e7a$c6ca69c0$9f90a8c0@donatas> <42FBC0AE.8020803@elischer.org> <027701c59f02$0eb808a0$9f90a8c0@donatas> <42FCF148.5010400@elischer.org> <000d01c5a223$53799840$0500a8c0@donatas> <4306C04B.4010008@elischer.org> <004001c5ac59$eda111b0$9f90a8c0@donatas> Date: Wed, 31 Aug 2005 01:26:23 -0700 (PDT) From: "Julian Elischer" To: "Donatas" User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-net@freebsd.org, Julian Elischer Subject: Re: routing problem (with corrected scheme) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Aug 2005 08:26:24 -0000 > Good morning, > after comprehensive tests I am glad to inform that your suggestions works > just fine, so - thanks for help solving our problem. > > Truth, i've got one question realated to the exampel rule below: >>ipfw add 1000 fwd ip4 ip from any to any out recv em0 xmit vlan{mumble} > > After several tests i have recognized that localy generated packets (like > icmp traffic) never matches this rule. The problem is in "xmit > vlan{number}" part. Is it so because of different place of packet input? > Transit packets come to firewall from ether_demux and passes the rule, > while localy generated packets come to firewall from ip_input and fails locally generated packets do not match recv em0 > this rule? Using "pass" instead of "fwd" results in the same. > > > ----- Original Message ----- > From: "Julian Elischer" > To: "Donatas" > Sent: Saturday, August 20, 2005 8:31 AM > Subject: Re: routing problem (with corrected scheme) > > >> did my sugestion work? >> >