IPFW + Bridge + Routing
Nicolargo
hennion at alcasat.net
Wed May 9 07:37:05 UTC 2007
PC1:
Default route to 172.18.0.254
PC3:
Default route to 172.16.1.2
Firewall:
Default route to 172.18.0.100 (router to Internet)
Thanks for your help.
Sarkhan Elkhanzade wrote:
>
> On Thu, 2007-05-03 at 05:11 -0700, Nicolargo wrote:
>> Hi all,
>>
>> here is my configuration:
>>
>>       PC3
>>        |
>>        |
>>        FW
>>       /  \
>>      /    \
>>    PC1    PC2
>>
>> FW: FreeBSD 6.2
>> Interface PC1 and PC2: bridged (172.18.0.254)
>> Interface PC3: Routed (172.16.1.2)
>> PC1: 172.18.0.1
>> PC2: 172.18.0.2
>> PC3: 172.16.1.1
>>
>> Ipfw:
>> ipfw add 1 allow ip from any to any MAC any any
>> ipfw add 2 allow ip from any to any
>>
>> Bridge:
>> net.link.ether.bridge_cfg:
>> net.link.ether.bridge_ipfw: 0
>> net.link.ether.bridge_ipf: 0
>> net.link.ether.bridge.config:
>> net.link.ether.bridge.enable: 1
>> net.link.ether.bridge.predict: 1250
>> net.link.ether.bridge.dropped: 0
>> net.link.ether.bridge.packets: 1294
>> net.link.ether.bridge.ipfw_collisions: 0
>> net.link.ether.bridge.ipfw_drop: 0
>> net.link.ether.bridge.copy: 0
>> net.link.ether.bridge.ipfw: 0
>> net.link.ether.bridge.ipf: 0
>> net.link.ether.bridge.debug: 0
>> net.link.ether.bridge.version: 031224
>> net.link.bridge.ipfw: 1
>> net.link.bridge.pfil_member: 1
>> net.link.bridge.pfil_bridge: 1
>> net.link.bridge.ipfw_arp: 0
>> net.link.bridge.pfil_onlyip: 1
>>
>> rc.conf:
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm bge0 addm em0 up"
>> ifconfig_bge0="inet 172.18.0.254 netmask 255.255.255.0"
>> ifconfig_em0="up"
>> ifconfig_em2="inet 172.16.1.2 netmask 255.255.255.0"
>> firewall_enable="YES"
>> firewall_script="/etc/ipfw.rules"
>>
>> The problem is the following:
>> PING PC1 -> PC2 : OK
>> PING PC2 -> PC1: OK
>> PING FW -> ANY: OK
>> PING PC1 -> PC3: NOK
>> PING PC2 -> PC3: NOK
>> PING PC3 -> ANY: NOK
>>
>> During a PING between PC1 and PC3, a tcpdump on the em2 interface shows:
>> 14:10:43.564010 IP 172.18.0.1 > 172.16.1.1: ICMP echo request, id 34831, seq 7993, length 64
>> 14:10:43.564687 IP 172.16.1.1 > 172.18.0.1: ICMP echo reply, id 34831, seq 7993, length 64
>>
>> but the reply packet is lost in the firewall and never redirected to the
>> bridge0 interface...
>> Any idea?
>>
>> Nicolas
>>
> Post here
> "#route print" on FW PC3 PC1
>