Hi,
I have applied Luigi's patch to a FBSD 4.8 kernel to be able to use fwd rules in ipfw with a BRIDGE. I have to say it's a very cool feature. Now, there are two sides of this, one good and one that I really need to fix.
The good side is it works in this configuration:
CLIENT --------(fxp0) BRIDGE1 (fxp1) --------- ROUTER(S) -----------(fxp1) BRIDGE2 (fxp0) ------- SERVER
CLIENT is on the same subnet as BRIDGE1 and SERVER is on the same subnet as BRIDGE2, using ipfw rules like this:
    reset tcp from any to me XXXX
    reset tcp from any to me YYYY
    fwd 127.0.0.1,XXXX tcp from any to any in via fxp0
    fwd 127.0.0.1,YYYY tcp from any to any in via fxp1
I get all tcp traffic to be "sucked in" by the fwd rules to a proxy application that goes out to connect from fxp1 (fxp1 has an address for the proxy to bind on). It is then grabbed by another proxy on BRIDGE2 and forwarded to another proxy on port YYYY and it connects to the SERVER just fine.
There is only one route, which is the default pointing to the closest ROUTER on both bridges.
The previous scenario works just fine, but not if it gets more complicated, with something like this:
CLIENT ----- ROUTER(S) ----- BRIDGE1 ----- ROUTER(S) ---- BRIDGE2 ----ROUTER(S) ---- SERVER
Here, CLIENT is _not_ on the same subnet as BRIDGE1 and SERVER is _not_ on the same subnet as BRIDGE2.
Using the same rules as above, traffic coming from CLIENT goes through BRIDGE1 _without_ being "fwded"!!
If anyone could help me figure out at least why tcp packets are going through without being sucked in, I would really appreciate it.
Obviously if you know how to fix this then please let me know :).
Regards,
Karim.
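The ruleset from the post laid out as a script, as an added example that is not Karim's own configuration: it gives each rule an explicit number so that `ipfw show` reports a per-rule packet counter, which tells you which rule a given flow actually matched on each bridge. The proxy ports 3128/3129, the rule numbers and the `net.link.ether.bridge_ipfw` sysctl (the FreeBSD 4.x knob that makes bridged packets traverse ipfw) are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Installs the transparent-proxy
# bridge ruleset with numbered rules; read the counters back with
# "ipfw show" to see which rule each TCP flow hit.
# Ports 3128/3129 and the rule numbers below are constructed placeholders.
set -eu

IPFW="${IPFW:-/sbin/ipfw}"      # set IPFW=echo for a dry run

# Print the ipfw commands for one bridge.
#   $1 proxy port for traffic entering via $3 (client-facing interface)
#   $2 proxy port for traffic entering via $4 (server-facing interface)
proxy_rules() {
    in_port=$1; out_port=$2; if_client=$3; if_server=$4
    # The reset rules come first so that a direct connection to the proxy
    # ports on the bridge itself is refused; only packets addressed to some
    # other host fall through to the fwd rules and reach the proxy sockets.
    cat <<EOF
add 100 reset tcp from any to me $in_port
add 110 reset tcp from any to me $out_port
add 200 fwd 127.0.0.1,$in_port tcp from any to any in via $if_client
add 210 fwd 127.0.0.1,$out_port tcp from any to any in via $if_server
add 65000 allow ip from any to any
EOF
}

# Flush and load the rules; bridged packets only pass through ipfw when
# net.link.ether.bridge_ipfw is set (assumed 4.x sysctl name).
install_rules() {
    sysctl net.link.ether.bridge_ipfw=1 >/dev/null
    "$IPFW" -f flush
    proxy_rules "$@" | while read -r line; do
        # shellcheck disable=SC2086  # word splitting is intended here
        "$IPFW" -q $line
    done
}

# Per-rule packet/byte counters: a fwd rule whose counter stays at zero
# while the final allow rule climbs is not seeing the flow at all.
show_counters() {
    "$IPFW" show
}

case "${1:-}" in
    install) shift; install_rules "$@" ;;
    show)    show_counters ;;
esac
```

Run as `sh proxy-bridge.sh install 3128 3129 fxp0 fxp1` on each bridge (with its own interfaces), then `sh proxy-bridge.sh show` while the CLIENT opens a connection.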