On Thu, Dec 14, 2000 at 11:05:52PM -0800, Luigi Rizzo wrote:
> > The problem with the "just let it be a router" approach is that I
> > want all traffic from B to go to A and C, not just that which is
> > actually intended for said net (yes all can be considered nets).
>
> the thing is, i do not see much point for doing this (there would
> be no receivers on the 'wrong' segment), so it would be easier for me to
> understand what you have in mind if you describe the reason you want
> to do this.
It is to simulate a problem similar to the hidden node problem in
wireless LAN. This is a lab situation, not one where we want a
"good" network design. You could similarly consider the problem as
similar to arbitrary monitoring, port replication, span port, etc.
> > specific denies, e.g.:
> > deny from A via ifC
> > instead of
> > deny from A to C
> >
> > I still get confused with via.
>
> 'via' does not work well with bridged packets, as ipfw has no
> info on the output interface (as there can be more than one, essentially,
> and ipfw is invoked only once and _before_ the output if is selected).
Ah, yes, I see that now. Hmmm ... that does make it a poser.
--
Clark K. Gaylord
Blacksburg, Virginia USA
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
