I'm trying to use Dummynet+IPFW and bridging to make a packet shaper
that runs across multiple VLANs. So my intended set up is:

[users]->[Aggregate Switch]=>[FreeBSD]=>[Upstream Switch (with IP
interfaces for each vlan)]->The World

where -> is a single VLAN, and => is a tagged dot1q trunk. The aim is to
drop the FreeBSD box in the middle, in one trunked uplink, and cover all
the VLANs downstream of that.

Should this work?

In practice, the bridging seems to work OK, but as soon as I add rules
to match traffic passing through and apply it to pipes, everything
stops. I can use tcpdump's vlan option to filter traffic on em0, em1 or
bridge0 and it does show only traffic for that vlan, so tags are being

Ideally, I'd like to use the dot1q tag in ipfw rules directly, and avoid
ip ranges, but I don't think that's possible. Is there some special
incantation to make ipfw vlan-aware?

Has anyone else done this successfully?

Best Regards,

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to