Date: Thu, 3 May 2007 05:11:51 -0700 (PDT)
From: Nicolargo <hennion@alcasat.net>
To: freebsd-ipfw@freebsd.org
Subject: IPFW + Bridge + Routing
Message-ID: <10303574.post@talk.nabble.com>

Hi all,

here is my configuration:

      PC3
       |
       |
       FW
      /  \
     /    \
   PC1    PC2

FW: FreeBSD 6.2
Interface PC1 and PC2: bridged (172.18.0.254)
Interface PC3: Routed (172.16.1.2)

PC1: 172.18.0.1
PC2: 172.18.0.2
PC3: 172.16.1.1

Ipfw:

    ipfw add 1 allow ip from any to any MAC any any
    ipfw add 2 allow ip from any to any

Bridge:

    net.link.ether.bridge_cfg:
    net.link.ether.bridge_ipfw: 0
    net.link.ether.bridge_ipf: 0
    net.link.ether.bridge.config:
    net.link.ether.bridge.enable: 1
    net.link.ether.bridge.predict: 1250
    net.link.ether.bridge.dropped: 0
    net.link.ether.bridge.packets: 1294
    net.link.ether.bridge.ipfw_collisions: 0
    net.link.ether.bridge.ipfw_drop: 0
    net.link.ether.bridge.copy: 0
    net.link.ether.bridge.ipfw: 0
    net.link.ether.bridge.ipf: 0
    net.link.ether.bridge.debug: 0
    net.link.ether.bridge.version: 031224
    net.link.bridge.ipfw: 1
    net.link.bridge.pfil_member: 1
    net.link.bridge.pfil_bridge: 1
    net.link.bridge.ipfw_arp: 0
    net.link.bridge.pfil_onlyip: 1

rc.conf:

    cloned_interfaces="bridge0"
    ifconfig_bridge0="addm bge0 addm em0 up"
    ifconfig_bge0="inet 172.18.0.254 netmask 255.255.255.0"
    ifconfig_em0="up"
    ifconfig_em2="inet 172.16.1.2 netmask 255.255.255.0"
    firewall_enable="YES"
    firewall_script="/etc/ipfw.rules"

The problem is the following:

PING PC1 -> PC2: OK
PING PC2 -> PC1: OK
PING FW -> ANY: OK
PING PC1 -> PC3: NOK
PING PC2 -> PC3: NOK
PING PC3 -> ANY: NOK

During a PING between PC1 and PC3, a tcpdump on the em2 interface shows:

    14:10:43.564010 IP 172.18.0.1 > 172.16.1.1: ICMP echo request, id 34831, seq 7993, length 64
    14:10:43.564687 IP 172.16.1.1 > 172.18.0.1: ICMP echo reply, id 34831, seq 7993, length 64

but the reply packet is lost in the firewall and never redirected to the bridge0 interface...

Any idea?

Nicolas

--
View this message in context: http://www.nabble.com/IPFW-%2B-Bridge-%2B-Routing-tf3686063.html#a10303574
Sent from the freebsd-ipfw mailing list archive at Nabble.com.