ipfw divert with layer2 (if_bridge) packets
Julian Elischer
julian at elischer.org
Tue May 9 21:01:41 UTC 2006
Carlos E Gaspar wrote:
> Hi.
>
> I have the following setup:
>
> FreeBSD abc5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Wed Apr 26
> 14:58:22 BRT 2006 root at abc:/usr/src/sys/alpha/compile/ABC alpha
>
> bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> ether xx:xx:xx:xx:xx:xx
> priority 32768 hellotime 2 fwddelay 15 maxage 20
> member: de1 flags=3<LEARNING,DISCOVER>
> member: de0 flags=3<LEARNING,DISCOVER>
>
> de1 is my internal interface (local) and de0 the external (internet).
> host1 is on de1. Bridge works fine (if_bridge).
>
> With the following sysctls:
>
> net.link.bridge.pfil_onlyip: 0
> net.link.bridge.pfil_member: 1
> net.link.bridge.pfil_bridge: 0
> net.link.bridge.ipfw: 0
> net.link.ether.ipfw: 1
>
> I'm trying to divert layer2 packets using this ipfw rule, but the
> counters are always 0 0 as seen with 'ipfw show'.

I don't know about if_bridge, but layer2 and divert are not allowed
together.
I have changes that make it work in 4.x, but they will not apply to 5.x
or later.
Luigi also has some changes that allow it.

>
> divert 8000 log all from host1 to any layer2 in via de1
>
> What's wrong? Is it possible to do that with if_bridge? Do I need FBSD
> 6.1?
> Thanks in advance... sorry about my English
>
> Carlos Gaspar
> carlosgaspar at yahoo.com