freebsd router 2x 3c905B-TX

Zbyněk Burget zburget at miastudio.cz
Wed May 4 11:24:49 CEST 2005


Vaclav.Ulik at cz.soluziona.com wrote:

> users-l-bounces at freebsd.cz wrote on 05/04/2005 10:52:02 AM:
> 
> 
> >>firewall type?
> >>at least the relevant part of the firewall configuration?
> >>at least the relevant part of rc.conf?
> 
> 
> 01008 queue 64 ip from 172.17.15.8 to 172.17.1.91
> 01009 queue 65 ip from 172.17.1.91 to 172.17.15.8
> 01016 queue 128 ip from 172.17.15.16 to 172.17.1.91
> 01017 queue 129 ip from 172.17.1.91 to 172.17.15.16
> 01032 queue 256 ip from 172.17.15.32 to 172.17.1.91
> 01033 queue 257 ip from 172.17.1.91 to 172.17.15.32
> 01064 queue 512 ip from 172.17.15.64 to 172.17.1.91
> 01065 queue 513 ip from 172.17.1.91 to 172.17.15.64
> 01128 queue 1024 ip from 172.17.15.128 to 172.17.1.91
> 01129 queue 1025 ip from 172.17.1.91 to 172.17.15.128

It is what Dan wrote - with each of these rules a packet enters the
queue at least twice - once while passing through the input iface, and a
second time while passing through the output iface.
net.inet.ip.fw.one_pass: 1
only ensures that a packet, once it has passed through the firewall and been
sent to the queue, is accepted and does not go through the remaining rules.
If ipfw were compiled as ipfw2 and
net.link.ether.ipfw: 1
were set, the packet would even enter the firewall four times.

layer2 in iface
layer3 in iface
layer3 out iface
layer2 out iface

Zbynek
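
The behaviour described in this message, as a simplified model added here (not part of the original post and not ipfw source code): it counts how often one forwarded packet is handed to a dummynet queue. The `in`/`out` and `layer2` rule options exist in ipfw; the Python names and the rule dictionaries are hypothetical.

```python
# Simplified model of ipfw passes for ONE forwarded packet that matches the
# addresses of a rule such as: queue 64 ip from 172.17.15.8 to 172.17.1.91
# Constructed for illustration; not ipfw code.

# Hook points in the order listed in the message.
HOOKS = [("layer2", "in"), ("layer3", "in"), ("layer3", "out"), ("layer2", "out")]


def firewall_passes(ether_ipfw):
    """Hook points where the ruleset is evaluated.

    ether_ipfw models net.link.ether.ipfw=1 (layer2 passes enabled)."""
    return [h for h in HOOKS if h[0] == "layer3" or ether_ipfw]


def rule_matches(rule, hook):
    """rule: {'dir': None|'in'|'out', 'layer2': None|True|False}.

    None means the rule carries no such qualifier and matches either way."""
    layer, direction = hook
    if rule.get("dir") is not None and rule["dir"] != direction:
        return False
    if rule.get("layer2") is not None and rule["layer2"] != (layer == "layer2"):
        return False
    return True


def queue_entries(rules, ether_ipfw=False):
    """Number of times the packet is queued while being forwarded."""
    count = 0
    for hook in firewall_passes(ether_ipfw):
        for rule in rules:
            if rule_matches(rule, hook):
                count += 1
                # Models net.inet.ip.fw.one_pass=1: after the queue the packet
                # is accepted and the rest of the ruleset is skipped for this
                # pass. The next hook still runs the ruleset again.
                break
    return count


UNQUALIFIED = [{"dir": None, "layer2": None}]    # rule as quoted above
OUT_ONLY = [{"dir": "out", "layer2": None}]      # same rule with 'out'
OUT_L3_ONLY = [{"dir": "out", "layer2": False}]  # 'out' plus 'not layer2'

if __name__ == "__main__":
    for name, rules in [("unqualified", UNQUALIFIED), ("out", OUT_ONLY),
                        ("out not layer2", OUT_L3_ONLY)]:
        print(name, queue_entries(rules), queue_entries(rules, ether_ipfw=True))
```
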



