I've searched the archive, and read the man page...possible that I've missed something.
ipfw rules...

<omitted .. >
00700 0 0 allow ip from 172.16.200.2 to 172.16.200.2
00800 9 756 fwd 172.16.200.1 ip from 172.16.200.2 to any
00900 0 0 allow ip from any to 172.16.200.2 via vlan3
<omitted .. >

vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.200.2 netmask 0xffffff00 broadcast 172.16.200.255
        ether 00:b0:d0:49:00:bd
        media: Ethernet autoselect (100baseTX)
        status: active
        vlan: 3 parent interface: fxp0

Kern options

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT
options IPFIREWALL_FORWARD

5.4-RELEASE-p8

As you can see from the ipfw output, the fwd rules match - but the packets are still forwarded out the primary interface following the default route (verified via tcpdump).

The fwd <ip> is reachable from the host, and is a router that knows what to do with the packets....
