ipfw2 question

dnr dnr at freemail.lt
Thu Jun 30 08:38:32 GMT 2005


sad, but
ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
doesn't seem to work :(

I've noticed that if I describe directions on two interfaces in one ipfw rule, the rule doesn't work...
example:
simplified test machine:
remote icmp 8--------fxp0[vlan10]---rl0----------remote icmp2

"log ip from any to any" shows:
accept icmp:8.0 10.10.10.2 192.168.144.254 in via vlan10
accept icmp:8.0 10.10.10.2 192.168.144.254 out via rl0
accept icmp:2.0 192.168.144.254 10.10.10.2 in via rl0
accept icmp:2.0 192.168.144.254 10.10.10.2 out via vlan10


so, 2 rules should be enough
ipfw add pass all from any to any in via vlan10 out via rl0
ipfw add pass all from any to any in via rl0 out via vlan10
packets do not pass through these rules...
of course "via" can be changed to "recv" or "xmit" accordingly, but I don't think it makes any sense

to create a pipe between vlan10 and rl0, I cannot rely on something that works, like:
ipfw add pipe 1 all from any to any via vlan10, because it is not suitable in my case...

>> hello,
>> i'm solving such a problem:
>> router with 3 eth i-faces:
>> 
>> em0(vlan10)
>>                     (vlan1000)fxp0
>> em1(vlan11)
>> 
>> I need to split traffic into two pipes
>> pipe1 from vlan10 to vlan1000
>> pipe2 from vlan11 to vlan1000
>> 
>> fxp side supplies traffic to many different subnets
>> em0 is trunk to the world networks
>> em1 is trunk to the national networks
>> so I cannot write these rules in IP level....
>> 
>> doing it in the following way doesn't work...
>> ipfw add pipe1 pass all from any to any via vlan10 in recv vlan1000
>> ipfw add pipe1 pass all from any to any via vlan10 out xmit vlan1000
> ipfw add pipe 1 ip from any to any out recv vlan10 xmit vlan1000
> ipfw add pipe 2 ip from any to any out recv vlan11 xmit vlan1000
> 
> or maybe better (not exactly what you asked)
> 
> ipfw add pipe 1 ip from any to any in recv vlan10
> ipfw add pipe 2 ip from any to any in recv vlan11
> 
>

