ipfw2

daniel at guitar.ro daniel at guitar.ro
Mon Sep 15 12:31:35 PDT 2003 

Another issue : is ipfw / ipfw2 not working with "fwd" if the computer is
acting as a bridge?

[bridge /]7# sysctl -a | grep ipfw
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge_ipfw_drop: 0
net.link.ether.bridge_ipfw_collisions: 0
net.link.ether.ipfw: 1
[bridge /]8#

[bridge /]9# ipfw -a l | grep 193.213.153
00010              0                     0 fwd 217.156.120.41 ip from 193
213.153.0/24 to any
00011        3805         172520 deny tcp from 193.213.153.0/24 to any 
[bridge /]10#

[bridge /]9# uname -a
FreeBSD bridge.something.net 5.1-RELEASE FreeBSD 5.1-RELEASE #5: Wed Aug 20
01:25:19 EEST 2003     root at bridge.something.net:/usr/src/sys
altq/i386/compile/SMP  i386
[bridge /]10#


So, the first rule doesn't work, the second works. Why's that ?


Dan Caescu
 
-------Original Message-------
 
From: Michael Sierchio
Date: Monday, September 15, 2003 8:36:46 PM
To: Sean Hafeez
Cc: freebsd-ipfw at freebsd.org
Subject: Re: ipfw2
 
Sean Hafeez wrote:
> I am having a hard time figuring something out about IPFW2. I am 
> currently using a built of 4.8 with IPFW and DUMMYNET as a rateshapping 
> router. I have tried to build a kernel with the IPFW2 options but then I 
> seem to have issues with using DUMMYNET. The ipfw pipe comments give 
> errors and core dumps. Am I missing something?

USING IPFW2 IN FreeBSD-STABLE
ipfw2 is standard in FreeBSD CURRENT, whereas FreeBSD STABLE still uses
ipfw1 unless the kernel is compiled with options IPFW2, and /sbin/ipfw
and /usr/lib/libalias are recompiled with -DIPFW2 and reinstalled (the
same effect can be achieved by adding IPFW2=TRUE to /etc/make.conf before
a buildworld).

# echo "IPFW2= YES" >> /etc/make.conf
# cd /usr/src/lib/libalias
# make clean && make && make install && make clean
# cd /usr/src/sbin/ipfw
# make clean && make && make install && make clean

-- 

"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five hundred."
- The Mahabharata

_______________________________________________
freebsd-ipfw at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
.

More information about the freebsd-ipfw mailing list