Re: Bridging and divert
Date: Tue, 13 Sep 2005 09:21:27 +0700 (ICT)
To: lists@yazzy.org
> Is there a trick to make bridge work with divert?

I use ipf, not ipfw. Divert, I think, is the same as redirection. What I
found out is:

1) The firewall applies only to incoming packets (while I think it should
   apply to incoming and outgoing), so only half the rules apply, and
   the revert rule of a redirection will never apply.
2) The IP packet is modified OK, but the Ethernet frame that encloses
   the packet is not modified, so whatever the IP says, the packet
   will be delivered to the same old MAC address.

> Is something like that maybe possible with pf or ipf?
Modify /sys/net/bridge.c (good luck!)
Olivier
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
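
Point 2 of the reply above, as an added illustration that is not part of the original message and not FreeBSD's bridge code: a redirect that rewrites only the IP destination leaves the bridge's forwarding decision unchanged, because the bridge looks only at the Ethernet destination. The MAC and IP addresses, the port names em1/em2, both lookup tables and the helper `redirect_ip_and_mac` are constructed for the example.

```python
import socket
import struct

# Constructed sample values: two hosts behind different bridge ports.
MAC_A, MAC_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
MAC_SRC = bytes.fromhex("020000000001")
MAC_TABLE = {MAC_A: "em1", MAC_B: "em2"}                 # bridge forwarding table
NEIGHBORS = {"192.0.2.10": MAC_A, "192.0.2.20": MAC_B}   # IP -> MAC (ARP-like)

def ip_checksum(hdr):
    """RFC 791 header checksum; returns 0 when run over a valid 20-byte header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Ethernet II frame carrying a bare 20-byte IPv4 header (no payload)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                                socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return dst_mac + src_mac + b"\x08\x00" + bytes(hdr)

def redirect_ip(frame, new_dst_ip):
    """Layer-3 redirect: rewrite IP destination and checksum, Ethernet header untouched."""
    hdr = bytearray(frame[14:34])
    hdr[16:20] = socket.inet_aton(new_dst_ip)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return frame[:14] + bytes(hdr) + frame[34:]

def redirect_ip_and_mac(frame, new_dst_ip, neighbors):
    """Hypothetical bridge-aware redirect: same rewrite plus the new target's MAC."""
    return neighbors[new_dst_ip] + redirect_ip(frame, new_dst_ip)[6:]

def ip_dst(frame):
    return socket.inet_ntoa(frame[30:34])

def bridge_out_port(frame, mac_table):
    """A bridge chooses the egress port from the Ethernet destination only."""
    return mac_table.get(frame[:6], "flood")

if __name__ == "__main__":
    f = build_frame(MAC_A, MAC_SRC, "192.0.2.1", "192.0.2.10")
    for label, g in (("original", f), ("ip only", redirect_ip(f, "192.0.2.20")),
                     ("ip+mac", redirect_ip_and_mac(f, "192.0.2.20", NEIGHBORS))):
        print(label, ip_dst(g), "->", bridge_out_port(g, MAC_TABLE))
```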