ipfw2 question

. at babolo.ru . at babolo.ru
Fri Jul 1 09:57:35 GMT 2005


> sad, but
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> doesn't seem to work :(
> 
> I've noticed that if in one ipfw rule I describe directions on two interfaces, the rule doesn't work...
> example:
> simplified test machine:
> remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2
> 
> "log ip from any to any" shows:
> accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
> accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
> accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10
> 
> 
> so, 2 rules should be enough
> ipfw add pass all from any to any in via vlan10 out via rl0
> ipfw add pass all from any to any in via rl0 out via vlan10
> packets do not pass through these rules...
> of course "via" can be changed to "recv" or "xmit" accordingly, but I don't think it makes any sense
You are mistaken.
Do as I wrote you, literally, except for the interface names.

> for creating a pipe between vlan10 and rl0 I cannot base on something working like:
> ipfw add pipe 1 all from any to any via vlan10, because it is not suitable in my case...

> > ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> > ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> > 
> > or maybe better (not exactly what you asked)
> > 
> > ipfw add pipe 1 ip from any to any in recv vlan10
> > ipfw add pipe 2 ip from any to any in recv vlan11



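An added example, not part of the original message: a simplified Python model of how ipfw(8) evaluates the `in`/`out` and `recv`/`xmit`/`via` options, run against the four passes shown in the thread's log. The names `Pass`, `matches` and `hits` are hypothetical, and the model assumes all options in a rule are ANDed and that no transmit interface is known on the `in` pass.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Pass:
    direction: str        # "in" or "out": the pass on which the rule is checked
    recv: Optional[str]   # interface the packet arrived on
    xmit: Optional[str]   # output interface; None on the "in" pass

def matches(rule_opts: str, p: Pass) -> bool:
    """True if every option in the rule matches this pass (options are ANDed)."""
    tokens = rule_opts.split()
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        if opt in ("in", "out"):
            if p.direction != opt:
                return False
            i += 1
        elif opt in ("recv", "xmit", "via"):
            if opt == "recv":
                actual = p.recv
            elif opt == "xmit":
                actual = p.xmit           # always None on the "in" pass
            else:                         # via: recv side on "in", xmit side on "out"
                actual = p.recv if p.direction == "in" else p.xmit
            if actual != tokens[i + 1]:
                return False
            i += 2
        else:
            raise ValueError(f"option not modelled: {opt}")
    return True

# Constructed from the four "log ip from any to any" lines quoted in the thread.
PASSES = [
    Pass("in", "vlan10", None),     # icmp 8 in via vlan10
    Pass("out", "vlan10", "rl0"),   # icmp 8 out via rl0
    Pass("in", "rl0", None),        # reply in via rl0
    Pass("out", "rl0", "vlan10"),   # reply out via vlan10
]

def hits(rule_opts: str) -> list:
    """Indexes of the passes in PASSES on which the rule options match."""
    return [i for i, p in enumerate(PASSES) if matches(rule_opts, p)]

if __name__ == "__main__":
    for r in ("in via vlan10 out via rl0", "out recv vlan10 xmit rl0",
              "in recv vlan10", "via vlan10"):
        print(f"{r!r:32} matches passes {hits(r)}")
```

In this model a rule carrying both `in` and `out` matches no pass, while `out recv vlan10 xmit rl0` matches only the forwarded packet's output pass.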