Freebsd 10.2 amd64 netmap ipfw
Archy Cho
archycho at gmail.com
Sat Oct 10 13:43:00 UTC 2015
Dear All
Sorry , I would like to ask do netmap with ipfw will only work as a bridge ?
ie:
+-----------------------+ +---------------------------+ +----------------------+
| Cisco Router A | | Freebsd 10.2 amd64 | | Cisco Router B |
| Int Te1/1 | | ix0 connect to Cisco A | | Int Te1/1 |
| 10.0.85.1/30 | +-----> | Int Te1/1 | +------> | 10.0.85.2/30 |
| | ^-----+ | ix1 connect to Cisco B | ^------+ | |
| | | Int Te1/1 | | |
+-----------------------+ +---------------------------+ +----------------------+
Do the kipfw with netmap should work as this diagram ?
Archy Cho
> Archy Cho <archycho at gmail.com> 於 2015年10月10日 下午9:20 寫道:
>
> Dear Jim and all
>
> My map as follow:
>
> +---------------------+ +---------------------------------+ +------------------------+
> | Cisco Router | | Freebsd 10.2 amd64 custom kernel| | Linux box with |
> | IP 10.0.85.1/30 | | recompiled with "device netmap" | | IP 172.16.0.1/30 |
> | | +--------->+ ix0 = 10.0.85.2/30 | <-----------+ control the Freebsd box
> | | | ix1 = down | | via ssh |
> | | | igb0 = 172.16.0.2/30 | | |
> +---------------------+ +---------------------------------+ +------------------------+
>
> 1) I have recompiled the kernel with device netmap
> 2) I downloaded the next.zip and compiled got the kipfw and ipfw
> 3) I connect via linux box , ssh 172.16.0.2
>
> Do anyone advise , how could I enable netmap ipfw to filter traffic from Cisco Router ?
>
> Archy Cho
>
>> Jim Thompson <jim at netgate.com <mailto:jim at netgate.com>> 於 2015年10月10日 上午1:14 寫道:
>>
>>
>>> On Oct 9, 2015, at 7:14 AM, Archy Cho <archycho at gmail.com <mailto:archycho at gmail.com>> wrote:
>>>
>>> I think I must misunderstand something , could anyone send me advise?
>>> Or any documents could help to build a NETMAP IPFW firewall box ?
>>
>> See the last several paragraphs of:
>>
>> https://github.com/luigirizzo/netmap-ipfw/blob/next/README <https://github.com/luigirizzo/netmap-ipfw/blob/next/README>
>>
>> Note that the "telnet localhost 5566" traffic generator hack mentioned in the README doesn't work without a recompile, but you won't need it for running real traffic.
>>
>> Jim
>>
>
More information about the freebsd-net
mailing list