ipfw bridge + fwd questions

From: Ganbold (ganbold_at_micom.mng.net)
Date: 09/30/05

  • Next message: Olivier Nicole: "Re: ipfw bridge + fwd questions"
    Date: Fri, 30 Sep 2005 15:39:49 +0900
    To: freebsd-net@freebsd.org
    
    

    Hi,

    I have a question regarding ipfw fwd rule.
    I'm using FreeBSD 5.4-STABLE and running a bridging firewall on it using ipfw.

    Now my question comes:)
    Can I use ipfw fwd rules against traffic coming to one of the bridged
    interfaces?
    I would like to forward some packets (which are destined to port 110) to
    some other router through a third interface, vr0.
    This is because we have 2 upstream providers and one of the providers is
    filtering some ports, and I would like to forward such packets to the
    other provider.

    In other words I would like to do something like:

    ipfw add fwd z.z.z.z ip from x.x.x.0/19 to any dst-port 25,110

    Is it possible? Should the z.z.z.z address be included in the routing table
    of the machine, or does it not matter?

    I would appreciate it if somebody could give me some direction and advice.

    thanks in advance,

    Ganbold

    #######################################
    sysctl variables I use:
    -----------------------------------------------
    net.link.ether.bridge_cfg=xl0:0,xl1:0
    net.link.ether.bridge_ipfw=1
    net.link.ether.bridge.enable=1
    net.inet.ip.fw.one_pass=0

    ifconfig output:
    -----------------------------------------------
    xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
             options=9<RXCSUM,VLAN_MTU>
             ether 00:10:5a:5b:e5:e3
             media: Ethernet 100baseTX <full-duplex>
             status: active
    xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
             options=9<RXCSUM,VLAN_MTU>
             ether 00:04:76:dc:7f:d1
             media: Ethernet 100baseTX <full-duplex>
             status: active
    vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
             inet x.x.x.x netmask 0xffffffe0 broadcast x.x.x.x


