misc/91847: ipfw with vlanX as the device

Barry Murphy barry at unix.co.nz
Sun Jan 15 17:00:19 PST 2006


>Number:         91847
>Category:       misc
>Synopsis:       ipfw with vlanX as the device
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 16 01:00:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Barry Murphy
>Release:        FreeBSD 6.0-STABLE
>Organization:
>Environment:
FreeBSD firewall.unix.co.nz 6.0-STABLE FreeBSD 6.0-STABLE #6: Fri Jan 13 00:22:59 NZDT 2006     icepick at firewall.unix.co.nz:/usr/obj/usr/src/sys/FIREWALL  i386
>Description:
I've found that ipfw doesn't appear to count or handle vlan traffic via ipfw.
I need it specifically to count vlan traffic as I use a transparent proxy and need it to count all traffic including this.

Using iftop -i vlan18 I see the destination IP and source IP.
Using iftop I see the source IP and transparent proxy IP, and it's important I don't see the transparent IP but rather the IP external to the network.

|Internet| -- |Firewall| -- |Cisco 3500XL| -- |Network|
>How-To-Repeat:
The Cisco has a trunked port plugged into the firewall, which has a few VLANs, e.g.:
/sbin/ifconfig vlan18 create
/sbin/ifconfig vlan18 inet 60.234.x.x netmask 255.255.255.248 vlan 27 vlandev em1

I've then added an IPFW rule to count traffic going via vlan18 using all possible ways I can think of:
ipfw add count ip from any to any in via vlan18
ipfw add count ip from any to any in recv vlan18
ipfw add count ip from any to any in xmit vlan18

sysctl:
/sbin/sysctl net.link.ether.bridge_ipfw: 1
/sbin/sysctl net.inet.ip.fw.one_pass=0
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
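
When a count rule on a VLAN pseudo-interface is suspected of never matching, the quickest check is to read the packet counters that `ipfw -a list` prints in front of each rule and compare them against the rule on the parent interface. The script below is an added example and not part of this PR; it assumes the interface names from the report (vlan18 on em1) and parses a constructed sample of `ipfw -a list` output so it runs offline.

```shell
#!/bin/sh
# Added example (not from the PR): flag ipfw count rules that name a VLAN
# interface but have matched nothing, and compare the packets seen by the
# parent interface's rules with those seen by the VLAN rules.
# Assumed names, taken from the report: parent em1, VLAN interface vlan18.

# Constructed sample of `ipfw -a list` output, used so this runs offline.
# Columns: rule number, packet count, byte count, rule body.
SAMPLE_LIST='00100      512     61440 count ip from any to any in via em1
00200        0         0 count ip from any to any in via vlan18
00300        0         0 count ip from any to any in recv vlan18
00400      512     61440 count ip from any to any in via em1
65535     9999   1234567 allow ip from any to any'

# Print the rule numbers of count rules that mention interface $1 and have a
# zero packet counter. Reads an ipfw listing on stdin.
idle_count_rules() {
    awk -v iface="$1" '
        $4 == "count" && $2 == 0 {
            for (i = 5; i <= NF; i++)
                if ($i == iface) { print $1; break }
        }'
}

# Print "<parent packets> <vlan packets>" summed over all count rules that
# mention the parent interface $1 and the VLAN interface $2 respectively.
parent_vs_vlan_packets() {
    awk -v p="$1" -v v="$2" '
        $4 == "count" {
            for (i = 5; i <= NF; i++) {
                if ($i == p) pp += $2
                if ($i == v) vp += $2
            }
        }
        END { print pp + 0, vp + 0 }'
}

# On a live FreeBSD host (as root) the listing comes from ipfw itself:
#   ipfw -a list | idle_count_rules vlan18
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_LIST" | idle_count_rules vlan18
printf '%s\n' "$SAMPLE_LIST" | parent_vs_vlan_packets em1 vlan18
```

A non-zero parent count alongside zero VLAN counts, as in the sample, reproduces the symptom the report describes; identical counts would mean the VLAN rules are matching.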