Dear Professor Luigi,

After I read the past mailing list, I got it working now, but I have something to ask.

Quote from http://lists.freebsd.org/pipermail/freebsd-net/2014-November/040380.html

    WITHOUT kipfw you will be OUT of communication.
    If you want to have communication without kipfw please configure if_bridge(4) properly.

On my testing boxes, I could communicate with bridge + kipfw, but not without bridge; is that normal?
(I have tested: after kipfw with bridge, filtering rules could still be applied.)

And could kipfw be enabled as multithreaded for a single bridge to provide better performance?

Thank you so much.

Archy Cho

> Archy Cho <archy...@gmail.com> wrote on October 10, 2015 at 9:20 PM:
>
> Dear Jim and all
>
> My map is as follows:
>
> +---------------------+          +---------------------------------+            +------------------------+
> | Cisco Router        |          | Freebsd 10.2 amd64 custom kernel|            | Linux box with         |
> | IP 10.0.85.1/30     |          | recompiled with "device netmap" |            | IP 172.16.0.1/30       |
> |                     +--------->+ ix0 = 10.0.85.2/30              |<-----------+ control the Freebsd box|
> |                     |          | ix1 = down                      |            | via ssh                |
> |                     |          | igb0 = 172.16.0.2/30            |            |                        |
> +---------------------+          +---------------------------------+            +------------------------+
>
> 1) I have recompiled the kernel with device netmap
> 2) I downloaded the next.zip, compiled it, and got the kipfw and ipfw
> 3) I connect via the Linux box: ssh 172.16.0.2
>
> Can anyone advise how I could enable netmap ipfw to filter traffic from
> the Cisco Router?
>
> Archy Cho
>
>> Jim Thompson <j...@netgate.com> wrote on October 10, 2015 at 1:14 AM:
>>
>>> On Oct 9, 2015, at 7:14 AM, Archy Cho <archy...@gmail.com> wrote:
>>>
>>> I think I must be misunderstanding something; could anyone send me advice?
>>> Or are there any documents that could help to build a NETMAP IPFW firewall box?
>>
>> See the last several paragraphs of:
>>
>> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>>
>> Note that the "telnet localhost 5566" traffic generator hack mentioned in
>> the README doesn't work without a recompile, but you won't need it for
>> running real traffic.
>>
>> Jim
>>
>
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"