ipfw2

Luigi Rizzo rizzo at icir.org
Mon Sep 15 12:37:02 PDT 2003 

On Mon, Sep 15, 2003 at 10:31:30PM +0300, daniel at guitar.ro wrote:
> Another issue : is ipfw / ipfw2 not working with "fwd" if the computer is
> acting as a bridge?

no, i think this is documented. I suggest you read the manpage.

	luigi

> [bridge /]7# sysctl -a | grep ipfw
> net.link.ether.bridge_ipfw: 1
> net.link.ether.bridge_ipfw_drop: 0
> net.link.ether.bridge_ipfw_collisions: 0
> net.link.ether.ipfw: 1
> [bridge /]8#
> 
> [bridge /]9# ipfw -a l | grep 193.213.153
> 00010              0                     0 fwd 217.156.120.41 ip from 193
> 213.153.0/24 to any
> 00011        3805         172520 deny tcp from 193.213.153.0/24 to any 
> [bridge /]10#
> 
> [bridge /]9# uname -a
> FreeBSD bridge.something.net 5.1-RELEASE FreeBSD 5.1-RELEASE #5: Wed Aug 20
> 01:25:19 EEST 2003     root at bridge.something.net:/usr/src/sys
> altq/i386/compile/SMP  i386
> [bridge /]10#
> 
> 
> So, the first rule doesn't work, the second works. Why's that ?
> 
> 
> Dan Caescu
>  
> -------Original Message-------
>  
> From: Michael Sierchio
> Date: Monday, September 15, 2003 8:36:46 PM
> To: Sean Hafeez
> Cc: freebsd-ipfw at freebsd.org
> Subject: Re: ipfw2
>  
> Sean Hafeez wrote:
> > I am having a hard time figuring something out about IPFW2. I am 
> > currently using a built of 4.8 with IPFW and DUMMYNET as a rateshapping 
> > router. I have tried to build a kernel with the IPFW2 options but then I 
> > seem to have issues with using DUMMYNET. The ipfw pipe comments give 
> > errors and core dumps. Am I missing something?
> 
> USING IPFW2 IN FreeBSD-STABLE
> ipfw2 is standard in FreeBSD CURRENT, whereas FreeBSD STABLE still uses
> ipfw1 unless the kernel is compiled with options IPFW2, and /sbin/ipfw
> and /usr/lib/libalias are recompiled with -DIPFW2 and reinstalled (the
> same effect can be achieved by adding IPFW2=TRUE to /etc/make.conf before
> a buildworld).
> 
> # echo "IPFW2= YES" >> /etc/make.conf
> # cd /usr/src/lib/libalias
> # make clean && make && make install && make clean
> # cd /usr/src/sbin/ipfw
> # make clean && make && make install && make clean
> 
> -- 
> 
> "Well," Brahma said, "even after ten thousand explanations, a fool is no
> wiser, but an intelligent man requires only two thousand five hundred."
> - The Mahabharata
> 
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
> . 

> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

More information about the freebsd-ipfw mailing list