Date: Thu, 11 Aug 2005 22:02:00 -0700
From: Glenn Dawson <glenn@antimatter.net>
To: "Dan Mahoney, System Admin" <danm@prime.gushi.org>, questions@freebsd.org
Subject: Re: 5.4 -- bridging, ipfw, dot1q
Message-ID: <6.1.0.6.2.20050811215936.06352aa0@cobalt.antimatter.net>
In-Reply-To: <20050812000355.H30784@prime.gushi.org>
References: <20050812000355.H30784@prime.gushi.org>

At 09:08 PM 8/11/2005, Dan Mahoney, System Admin wrote:
>Okay, here's the situation. PLEASE let me know if there's a better place
>to ask. (isp@, kernel@, something)
>
>I'm setting up a bridging firewall where the packets are passing through
>on dot1q trunks.
>
>The bridge works. Packet counts work (so I assume the bridge at least
>sees the packets).
>
>Problem is, any "reasonable" rules (such as those which actually say to
>block traffic by ip or port or anything) aren't working at all. Not even
>logging counts.
>
>Setting the "bridged" flag doesn't seem to help.

Which "bridged" flag would that be?

>My only guess is that ipfw doesn't have the brains to look beyond the VLAN
>tags. Is this the case? Is this supported under 4.x, or is there any way
>AT ALL that I can get this to work?

What version are you using? You mention 4.x here, but your subject line
suggests 5.4.

>As a note, snort and trafshow and everything else work fine analyzing the
>bridge traffic, it seems only the kernel has an issue.

Do you have the net.link.ether.bridge_ipfw sysctl set to 1?

-Glenn

>--
>
>"Of course she's gonna be upset! You're dealing with a woman here Dan,
>what the hell's wrong with you?"
>
>-S. Kennedy, 11/11/01
>
>--------Dan Mahoney--------
>Techie, Sysadmin, WebGeek
>Gushi on efnet/undernet IRC
>ICQ: 13735144 AIM: LarpGM
>Site: http://www.gushi.org
>---------------------------
>
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"