Hello,

First off, a great thanks to this list who pointed out my hardware issue (rl series cards). I now have the bridge on two Intel Pro NICs and I use the on-board sis card for console access, and my average ping time is a 2ms average to the router, passing about a solid 2MB/s.

My current situation is that it seems IPFW is filtering by IP address, but never matching an IP address/port number combo (ex: "deny ip from IP to any" works, but "deny ip from IP to any 80" does not work).

The firewall rules are as follows:

    #1. Allow all SSH traffic until rules are down safe.
    ipfw add 1 allow ip from any to LOCAL_IP 22
    #ipfw add 100 TEST (either "deny ip from any to any" or "deny ip from any to any 80").
    ipfw add 500 pipe 1 ip from any to any
    ipfw pipe 1 config bw 20480Kbit/s
    default> allow ip from any to any

The setup is as follows in rc.conf:

    ifconfig_fxp0="up"
    ifconfig_fxp1="up"
    ifconfig_sis0="LOCAL_IP…"

And in sysctl.conf:

    net.link.ether.bridge.enable=1
    net.link.ether.bridge.config=fxp0,fxp1
    net.link.ether.bridge.ipfw=1

Kernel has been built with IPFW and DUMMYNET. FreeBSD 5.3 (RELENG_5, cvsupdated and recompiled about a week ago).

The server was working fine when I had it filtering between two switches (secondary to primary). I was having web/email/irc traffic bypass the pipe, and used the pipe to limit the speed of those who use P2P.

Now, I have this situation with the firewall between the main switch and the router. I really need to get this working for this purpose again fast or else I'll have a repeat of an earlier "internal" DoS, so any and all tips, comments, pointers would be greatly appreciated!

I wonder if it is because I haven't assigned an IP address on the fxp facing the inside network…? Haven't had the time to try this yet (11:50pm local time!) since I don't remember which fxp card is facing internal/external and so I will try in the morning.

Again, many thanks!

Andrew Seguin

_______________________________________________
freebsd-net mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net