Date: Mon, 15 Sep 2003 12:37:01 -0700 From: Luigi Rizzo <rizzo@icir.org> To: "daniel@guitar.ro" <daniel@guitar.ro> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw2 Message-ID: <20030915123701.A94252@xorpc.icir.org> In-Reply-To: <3F661392.000001.01980@COSTI>; from daniel@guitar.ro on Mon, Sep 15, 2003 at 10:31:30PM %2B0300 References: <3F65F83E.2050908@tenebras.com> <3F661392.000001.01980@COSTI>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 15, 2003 at 10:31:30PM +0300, daniel@guitar.ro wrote: > Another issue : is ipfw / ipfw2 not working with "fwd" if the computer is > acting as a bridge? no, i think this is documented. I suggest you read the manpage. luigi > [bridge /]7# sysctl -a | grep ipfw > net.link.ether.bridge_ipfw: 1 > net.link.ether.bridge_ipfw_drop: 0 > net.link.ether.bridge_ipfw_collisions: 0 > net.link.ether.ipfw: 1 > [bridge /]8# > > [bridge /]9# ipfw -a l | grep 193.213.153 > 00010 0 0 fwd 217.156.120.41 ip from 193 > 213.153.0/24 to any > 00011 3805 172520 deny tcp from 193.213.153.0/24 to any > [bridge /]10# > > [bridge /]9# uname -a > FreeBSD bridge.something.net 5.1-RELEASE FreeBSD 5.1-RELEASE #5: Wed Aug 20 > 01:25:19 EEST 2003 root@bridge.something.net:/usr/src/sys > altq/i386/compile/SMP i386 > [bridge /]10# > > > So, the first rule doesn't work, the second works. Why's that ? > > > Dan Caescu > > -------Original Message------- > > From: Michael Sierchio > Date: Monday, September 15, 2003 8:36:46 PM > To: Sean Hafeez > Cc: freebsd-ipfw@freebsd.org > Subject: Re: ipfw2 > > Sean Hafeez wrote: > > I am having a hard time figuring something out about IPFW2. I am > > currently using a built of 4.8 with IPFW and DUMMYNET as a rateshapping > > router. I have tried to build a kernel with the IPFW2 options but then I > > seem to have issues with using DUMMYNET. The ipfw pipe comments give > > errors and core dumps. Am I missing something? > > USING IPFW2 IN FreeBSD-STABLE > ipfw2 is standard in FreeBSD CURRENT, whereas FreeBSD STABLE still uses > ipfw1 unless the kernel is compiled with options IPFW2, and /sbin/ipfw > and /usr/lib/libalias are recompiled with -DIPFW2 and reinstalled (the > same effect can be achieved by adding IPFW2=TRUE to /etc/make.conf before > a buildworld). > > # echo "IPFW2= YES" >> /etc/make.conf > # cd /usr/src/lib/libalias > # make clean && make && make install && make clean > # cd /usr/src/sbin/ipfw > # make clean && make && make install && make clean > > -- > > "Well," Brahma said, "even after ten thousand explanations, a fool is no > wiser, but an intelligent man requires only two thousand five hundred." > - The Mahabharata > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > . > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030915123701.A94252>