At 09:08 PM 8/11/2005, Dan Mahoney, System Admin wrote:
> Okay, here's the situation. PLEASE let me know if there's a better place to ask. (isp@, kernel@, something)
>
> I'm setting up a bridging firewall where the packets are passing through on dot1q trunks.
>
> The bridge works. Packet counts work (so I assume the bridge at least sees the packets).
>
> Problem is, any "reasonable" rules (such as those which actually say to block traffic by IP or port or anything) aren't working at all. Not even logging counts.
>
> Setting the "bridged" flag doesn't seem to help.

Which "bridged" flag would that be?


> My only guess is that ipfw doesn't have the brains to look beyond the VLAN tags. Is this the case? Is this supported under 4.x, or is there any way AT ALL that I can get this to work?

What version are you using? You mention 4.x here, but your subject line suggests 5.4.


> As a note, snort and trafshow and everything else work fine analyzing the bridge traffic; it seems only the kernel has an issue.

Do you have the net.link.ether.bridge_ipfw sysctl set to 1?

-Glenn


> --
>
> "Of course she's gonna be upset! You're dealing with a woman here Dan, what the hell's wrong with you?"
>
> -S. Kennedy, 11/11/01
>
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
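The question in the thread is whether a filter "looks beyond the VLAN tags". The following is an added illustration, not code from the thread, from ipfw, or from FreeBSD: it builds constructed Ethernet/IPv4/TCP frames with zero, one, or two 802.1Q tags and shows why a matcher that assumes the IP header always starts at Ethernet offset 14 finds nothing to match on a dot1q trunk, while a tag-walking parser recovers the IP addresses and ports a rule needs. All function names and the sample addresses are hypothetical; the example says nothing about how ipfw of that era actually handled tagged frames.

```python
# Added example (not from the original thread or from ipfw/FreeBSD):
# how 802.1Q tags shift the IP header, and why a filter that assumes
# the ethertype sits at offset 12 and IP at offset 14 misses tagged traffic.
# Helper names and sample addresses are hypothetical/constructed.
import socket
import struct

ETHERTYPE_IP = 0x0800
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_QINQ = 0x88A8   # 802.1ad outer (service) tag
PROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, vlan_ids=()):
    """Construct a minimal Ethernet/IPv4/TCP frame, optionally wrapped in
    one or more 802.1Q tags (outermost first). Constructed sample data;
    checksums are left at zero since nothing here verifies them."""
    # TCP: sport, dport, seq, ack, data offset (5 words), flags (SYN), win, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    total_len = 20 + len(tcp)
    # IPv4: ver/ihl, tos, total len, id, frag, ttl, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    dst_mac = b"\x00\x11\x22\x33\x44\x55"
    src_mac = b"\x66\x77\x88\x99\xaa\xbb"
    tags = b""
    for i, vid in enumerate(vlan_ids):
        # With two tags the outer one carries the QinQ TPID, the inner 0x8100.
        tpid = ETHERTYPE_QINQ if (i == 0 and len(vlan_ids) > 1) else ETHERTYPE_VLAN
        tags += struct.pack("!HH", tpid, vid & 0x0FFF)   # PCP/DEI bits left zero
    return dst_mac + src_mac + tags + struct.pack("!H", ETHERTYPE_IP) + ip + tcp


def parse_frame(frame):
    """Walk past any 802.1Q/QinQ tags to the real ethertype, then decode IPv4/TCP."""
    off = 12                      # ethertype position on an untagged frame
    vlans = []
    etype = struct.unpack_from("!H", frame, off)[0]
    while etype in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vlans.append(tci & 0x0FFF)   # low 12 bits of the TCI are the VLAN ID
        off += 4                     # each tag is TPID (2) + TCI (2)
        etype = struct.unpack_from("!H", frame, off)[0]
    off += 2                         # step over the real ethertype to the payload
    info = {"vlans": vlans, "ethertype": etype}
    if etype != ETHERTYPE_IP:
        return info
    ihl = (frame[off] & 0x0F) * 4
    proto = frame[off + 9]
    info["src"] = socket.inet_ntoa(frame[off + 12:off + 16])
    info["dst"] = socket.inet_ntoa(frame[off + 16:off + 20])
    info["proto"] = proto
    if proto == PROTO_TCP:
        sport, dport = struct.unpack_from("!HH", frame, off + ihl)
        info["sport"], info["dport"] = sport, dport
    return info


def tag_blind_is_ip(frame):
    """What a filter sees if it assumes the ethertype is always at offset 12:
    on a tagged frame it reads 0x8100 and concludes 'not IP'."""
    return struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_IP


def rule_matches(frame, dst_ip, dst_port):
    """Hypothetical 'deny tcp from any to dst_ip dst_port' evaluated VLAN-aware."""
    p = parse_frame(frame)
    return (p.get("proto") == PROTO_TCP
            and p.get("dst") == dst_ip
            and p.get("dport") == dst_port)


if __name__ == "__main__":
    for label, vids in (("untagged", ()), ("dot1q", (100,)), ("qinq", (200, 100))):
        f = build_frame("10.0.0.5", "192.0.2.10", 40000, 80, vlan_ids=vids)
        print(label, "tag-blind sees IP:", tag_blind_is_ip(f),
              "| parsed:", parse_frame(f))
```

The tag-blind check is the failure mode Dan describes: packet counters on the bridge still increment because the frame is forwarded, but a rule keyed on IP address or port never sees an IP header at the offset it expects, so neither the block nor its logging counter fires. The tag-walking parser is what a VLAN-aware filter has to do before IP-level rules can apply.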
