IPv6 tables?

2008-08-05 Thread Matt Dawson
Just a quick question: What would it take to have similar functionality to the 
IPv4 tables in ipfw for v6? Is there a specific reason it isn't there (other 
than the fact that I haven't got my finger out and learnt the necessary to 
add it myself ;) )?
-- 
Matt Dawson.

[EMAIL PROTECTED]
MTD15-RIPE
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: IPv6 tables?

2008-08-05 Thread Max Laier
On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote:
> Just a quick question: What would it take to have similar functionality to
> the IPv4 tables in ipfw for v6? Is there a specific reason it isn't there
> (other than the fact that I haven't got my finger out and learnt the
> necessary to add it myself ;) )?

In FreeBSD 7 and above all three firewall packages included with FreeBSD 
understand both IPv4 and IPv6.  Read the ipfw(8) man page for details on how 
to set up IPv6 rules.

-- 
/\  Best regards,  | [EMAIL PROTECTED]
\ /  Max Laier  | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign  | Against HTML Mail and News


ipfw nat/natd

2008-08-05 Thread Prokofiev S.P.

I have a problem with this scheme:

( gw )    - (      nat_router      ) - ( https )
 real.ip0    real.ip1    10.19.90.1    10.19.90.2

If I use ipfw+natd on nat_router, then the redirect to the https server and to 
the nat_router local address 10.19.90.1 works well, but with ipfw+nat the 
redirect to the nat_router local address fails. Is this a bug?



ipfw+nat schema

- on nat_router
  - ipfw rules
      ipfw nat 1 config if vlan2 log redirect_port tcp 10.19.90.1:5000 5000 \
          redirect_port tcp 10.19.90.2:443 443
      ipfw add 500 nat 1 log ip from any to any via vlan2 // nat
  - iperf -s -p 5000

- on gw
  - iperf -p 5000 -c real.ip1

tcpdump -np -i vlan2 host real.ip0


18:36:08.170034 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 mss 1460,nop,wscale 2,nop,nop,timestamp 785027736 0,sackOK,eol
18:36:08.170093 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785027736
18:36:11.170239 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785027736
18:36:11.208523 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 mss 1460,nop,wscale 2,nop,nop,timestamp 785030736 0,sackOK,eol
18:36:11.208554 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785030736
18:36:14.208712 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785030736
18:36:14.448772 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 mss 1460,nop,wscale 2,nop,nop,timestamp 785033936 0,sackOK,eol
18:36:14.448802 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785033936
18:36:17.449225 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785033936
18:36:17.689771 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 mss 1460,sackOK,eol
18:36:17.689801 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,eol
18:36:20.689736 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,eol
18:36:20.944763 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 mss 1460,sackOK,eol
18:36:20.944794 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,eol
18:36:23.945252 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460,nop,wscale 3,sackOK,eol



Thanks all!
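
Added example, not part of the original message: a small parser for the tcpdump text format used in this post that flags connections where SYN and SYN-ACK keep being retransmitted and no completing ACK is ever seen, which is the pattern in the capture above. The function name `stalled_handshakes`, the sample lines and the documentation-range addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Older tcpdump text format, as in the post:
#   TIME IP src.port > dst.port: FLAGS [seq:seq(len)] [ack N] ...
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\) )?(?:ack (?P<ack>\d+))?"
)

def stalled_handshakes(lines):
    """Map (client, server) -> (SYNs, SYN-ACKs) for handshakes never ACKed."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "isn": None, "done": False})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags, ack = m["src"], m["dst"], m["flags"], m["ack"]
        if "S" in flags and ack is None:        # SYN or SYN retransmit
            flows[(src, dst)]["syn"] += 1
        elif "S" in flags:                      # SYN-ACK or its retransmit
            flow = flows[(dst, src)]
            flow["synack"] += 1
            flow["isn"] = int(m["seq"])
        elif ack is not None and (src, dst) in flows:
            flow = flows[(src, dst)]            # candidate third handshake step
            # tcpdump prints a relative "ack 1" unless run with -S
            if flow["isn"] is not None and int(ack) in (1, flow["isn"] + 1):
                flow["done"] = True
    return {k: (f["syn"], f["synack"]) for k, f in flows.items()
            if f["synack"] and not f["done"]}

# Constructed sample (documentation addresses, not the poster's capture):
# one flow stuck like the trace above, one that completes for contrast.
SAMPLE = """\
18:36:08.170034 IP 192.0.2.10.60950 > 198.51.100.1.5000: S 3167071663:3167071663(0) win 65535 mss 1460
18:36:08.170093 IP 198.51.100.1.5000 > 192.0.2.10.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460
18:36:11.170239 IP 198.51.100.1.5000 > 192.0.2.10.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460
18:36:11.208523 IP 192.0.2.10.60950 > 198.51.100.1.5000: S 3167071663:3167071663(0) win 65535 mss 1460
18:36:11.208554 IP 198.51.100.1.5000 > 192.0.2.10.60950: S 655190881:655190881(0) ack 3167071664 win 65535 mss 1460
18:36:12.000100 IP 192.0.2.10.60951 > 198.51.100.1.443: S 1000:1000(0) win 65535 mss 1460
18:36:12.000150 IP 198.51.100.1.443 > 192.0.2.10.60951: S 2000:2000(0) ack 1001 win 65535 mss 1460
18:36:12.000900 IP 192.0.2.10.60951 > 198.51.100.1.443: . ack 1 win 65535
""".splitlines()

if __name__ == "__main__":
    for (client, server), (syns, synacks) in stalled_handshakes(SAMPLE).items():
        print(f"{client} -> {server}: {syns} SYN, {synacks} SYN-ACK, no final ACK")
```

Both directions of the handshake appear on the capture interface here, so a flow reported by this check means the SYN-ACK left the NAT host but the peer never acknowledged it.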


Re: IPv6 tables?

2008-08-05 Thread Julian Elischer

Matt Dawson wrote:
> Just a quick question: What would it take to have similar functionality to the 
> IPv4 tables in ipfw for v6? Is there a specific reason it isn't there (other 
> than the fact that I haven't got my finger out and learnt the necessary to 
> add it myself ;) )?


There is no reason except that it hasn't been done :-)

