ipfw bridge + fwd questions

Ganbold ganbold at micom.mng.net
Thu Sep 29 23:39:58 PDT 2005


Hi,

I have a question regarding the ipfw fwd rule.
I'm using FreeBSD 5.4-STABLE and running a bridging firewall on it using ipfw.

Now here is my question :)
Can I use ipfw fwd rules against traffic coming to one of the bridged
interfaces?
I would like to forward some packets (which are destined to port 110) to
some other router through a third interface, vr0.
This is because we have 2 upstream providers and one of the providers is
filtering some ports, and I would like to forward such packets to the
other provider.

In other words I would like to do something like:

ipfw add fwd z.z.z.z ip from x.x.x.0/19 to any dst-port 25,110

Is it possible? Should the z.z.z.z address be included in the routing table
of the machine, or doesn't it matter?

I would appreciate it if somebody could give me some direction and advice.

Thanks in advance,

Ganbold


#######################################
sysctl variables I use:
-----------------------------------------------
net.link.ether.bridge_cfg=xl0:0,xl1:0
net.link.ether.bridge_ipfw=1
net.link.ether.bridge.enable=1
net.inet.ip.fw.one_pass=0

ifconfig output:
-----------------------------------------------
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         options=9<RXCSUM,VLAN_MTU>
         ether 00:10:5a:5b:e5:e3
         media: Ethernet 100baseTX <full-duplex>
         status: active
xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         options=9<RXCSUM,VLAN_MTU>
         ether 00:04:76:dc:7f:d1
         media: Ethernet 100baseTX <full-duplex>
         status: active
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet x.x.x.x netmask 0xffffffe0 broadcast x.x.x.x


