ipfw and matching bridged packets with both 'xmit' and 'recv'
Buuyo
buuyou at gmail.com
Sat Jul 10 03:47:20 PDT 2004
Hello. I have a functioning bridge set up between rl0 and rl2 on a
machine running FreeBSD 4.9, and I'd like to count tcp connections
initiated from the clients on the rl2 side to hosts on the rl0 side,
but not from the machine functioning as a bridge.
I set the sysctl values net.link.ether.ipfw and
net.link.ether.bridge_ipfw to 1, and I envisioned this ipfw command:
ipfw add 1 count tcp from any to any out recv rl2 xmit rl0 bridged setup
and, as expected, ended up with this:
root at bwca$ ipfw show
00001 0 0 count tcp from any to any out recv rl2 xmit rl0 layer2 setup
60000 130074716 89026633533 allow ip from any to any
65535 252 21461 deny ip from any to any
From a client on the rl2 side of the bridge, I established a tcp
connection to a host on the rl0 side, but an ipfw show 1 revealed that
the counter hadn't been incremented.
What am I missing? I understand, based on my interpretation of the
"recv | xmit | via {ifX | if* | ipno | any}" section of the ipfw
manual page that you can have recv and xmit both in the same rule
provided that it's outbound. What can I do to get my desired
functionality?
Thanks.
I'm sorry, but I'm not subscribed to the freebsd-questions list. Could
you please send a carbon copy of your message to this email address?
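The troubleshooting step in the post (snapshot `ipfw show`, generate traffic, snapshot again, see which counters moved) is easy to get wrong by eye when the listing is long or, as here, wrapped by the mail client. The following is an added example, not code from the post or from FreeBSD: it parses the `ipfw show` column layout quoted above (rule number, packet counter, byte counter, rule body), treats a line that does not begin with those three numeric columns as the continuation of a wrapped rule body, and reports the per-rule counter deltas between two snapshots. The two snapshots embedded in it are constructed: the "before" copy is the post's own listing, the "after" copy assumes the default allow rule saw more traffic while rule 1 stayed at zero.

```python
"""Diff two `ipfw show` snapshots to see which rules actually matched.

Added example (not from the original post or from FreeBSD). Assumes the
`ipfw show` layout quoted in the post: rule number, packet counter,
byte counter, then the rule body.
"""
import re
from typing import Dict, List, Tuple

Rule = Tuple[int, int, str]  # (packets, bytes, rule body)

# A rule line starts with three numeric columns followed by the body.
RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.*)$")


def parse_ipfw_show(text: str) -> Dict[int, Rule]:
    """Parse `ipfw show` output into {rule_number: (packets, bytes, body)}.

    A line without the three leading numeric columns is treated as the
    continuation of the previous rule body, which is how a mail client
    wraps a long rule (as happened to rule 1 in the post).
    """
    rules: Dict[int, Rule] = {}
    last = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m:
            num, pkts, nbytes, body = m.groups()
            last = int(num)
            rules[last] = (int(pkts), int(nbytes), body.strip())
        elif last is not None:
            pkts, nbytes, body = rules[last]
            rules[last] = (pkts, nbytes, f"{body} {line}")
    return rules


def counter_deltas(before: Dict[int, Rule],
                   after: Dict[int, Rule]) -> Dict[int, Tuple[int, int]]:
    """Per-rule (packet, byte) increase between two snapshots.

    Rules present only in `after` are counted from zero.
    """
    deltas: Dict[int, Tuple[int, int]] = {}
    for num, (p1, b1, _body) in after.items():
        p0, b0, _ = before.get(num, (0, 0, ""))
        deltas[num] = (p1 - p0, b1 - b0)
    return deltas


def rules_that_matched(before_text: str, after_text: str) -> List[int]:
    """Rule numbers whose packet counter moved between the two snapshots."""
    deltas = counter_deltas(parse_ipfw_show(before_text),
                            parse_ipfw_show(after_text))
    return sorted(num for num, (pkts, _) in deltas.items() if pkts > 0)


# Constructed snapshots. BEFORE is the listing quoted in the post (still
# wrapped); AFTER assumes rule 60000 saw 14 more packets and rule 1 none.
BEFORE = """\
00001 0 0 count tcp from any to any out recv rl2
xmit rl0 layer2 setup
60000 130074716 89026633533 allow ip from any to any
65535 252 21461 deny ip from any to any
"""

AFTER = """\
00001 0 0 count tcp from any to any out recv rl2
xmit rl0 layer2 setup
60000 130074730 89026641133 allow ip from any to any
65535 252 21461 deny ip from any to any
"""

if __name__ == "__main__":
    deltas = counter_deltas(parse_ipfw_show(BEFORE), parse_ipfw_show(AFTER))
    for num, (pkts, nbytes) in sorted(deltas.items()):
        print(f"rule {num:05d}: +{pkts} packets, +{nbytes} bytes")
    print("rules that matched:", rules_that_matched(BEFORE, AFTER))
```

On a live system the two snapshots would come from running `ipfw show` before and after the test connection; feeding them to `rules_that_matched` shows at a glance whether the traffic was attributed to the count rule or fell through to the catch-all allow rule, which is exactly the observation the post is making.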