Date: Fri, 30 Sep 2005 15:39:49 +0900
From: Ganbold <ganbold@micom.mng.net>
To: freebsd-net@freebsd.org
Subject: ipfw bridge + fwd questions
Message-ID: <6.2.1.2.2.20050930151357.03480eb0@202.179.0.80>

Hi,

I have a question regarding the ipfw fwd rule. I'm using FreeBSD 5.4-STABLE and running a bridging firewall on it using ipfw.

Now my question comes:) Can I use ipfw fwd rules against traffic coming to one of the bridged interfaces? I would like to forward some packets (which are destined to port 110) to some other router through the third interface, vr0. This is because we have 2 upstream providers and one of the providers is filtering some ports, and I would like to forward such packets to the other provider.

In other words, I would like to do something like:

    ipfw add fwd z.z.z.z ip from x.x.x.0/19 to any dst-port 25,110

Is it possible? Should the z.z.z.z address be included in the routing table of the machine, or does it not matter?

I would appreciate it if somebody could give me some direction and advice.

Thanks in advance,
Ganbold

#######################################
sysctl variables I use:
-----------------------------------------------
net.link.ether.bridge_cfg=xl0:0,xl1:0
net.link.ether.bridge_ipfw=1
net.link.ether.bridge.enable=1
net.inet.ip.fw.one_pass=0

ifconfig output:
-----------------------------------------------
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        ether 00:10:5a:5b:e5:e3
        media: Ethernet 100baseTX <full-duplex>
        status: active
xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        ether 00:04:76:dc:7f:d1
        media: Ethernet 100baseTX <full-duplex>
        status: active
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet x.x.x.x netmask 0xffffffe0 broadcast x.x.x.x