freebsd router 2x 3c905B-TX

Zbyněk Burget zburget at miastudio.cz
Wed May 4 11:35:59 CEST 2005


...my hands were faster than my head :-(

I would try appending something like this to the end of each rule:

......... via xl0

Then shaping will happen only when the packet passes through the relevant iface.
That is the simplest way to solve this problem.

Zbynek


Zbyněk Burget wrote:

> Vaclav.Ulik at cz.soluziona.com wrote:
> 
>> users-l-bounces at freebsd.cz wrote on 05/04/2005 10:52:02 AM:
>>
>>
>>> firewall type?
>>> at least the relevant part of the firewall configuration?
>>> at least the relevant part of rc.conf?
>>
>>
>>
>> 01008 queue 64 ip from 172.17.15.8 to 172.17.1.91
>> 01009 queue 65 ip from 172.17.1.91 to 172.17.15.8
>> 01016 queue 128 ip from 172.17.15.16 to 172.17.1.91
>> 01017 queue 129 ip from 172.17.1.91 to 172.17.15.16
>> 01032 queue 256 ip from 172.17.15.32 to 172.17.1.91
>> 01033 queue 257 ip from 172.17.1.91 to 172.17.15.32
>> 01064 queue 512 ip from 172.17.15.64 to 172.17.1.91
>> 01065 queue 513 ip from 172.17.1.91 to 172.17.15.64
>> 01128 queue 1024 ip from 172.17.15.128 to 172.17.1.91
>> 01129 queue 1025 ip from 172.17.1.91 to 172.17.15.128
> 
> 
> It is caused by what Dan wrote: with each of these rules the packet 
> enters the queue at least twice, once when passing through the input 
> iface and a second time when passing through the output iface.
> net.inet.ip.fw.one_pass: 1
> only ensures that the packet, on its pass through the firewall and after 
> being sent to the queue, is accepted and does not go through the remaining rules.
> If ipfw were compiled as ipfw2 and
> net.link.ether.ipfw: 1
> were set, the packet would even enter the firewall four times.
> 
> layer2 in iface
> layer3 in iface
> layer3 out iface
> layer2 out iface
> 
> Zbynek
> 
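
The double queueing discussed in this thread, as a simplified Python model added here (not code from the thread and not ipfw source). The second interface name xl1 and the placement of the hosts behind xl0/xl1 are assumptions; the rules are 01008/01009 from the posted configuration.

```python
# Simplified model of the behaviour described in the thread; not ipfw source code.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    queue: int
    src: str
    dst: str
    via: Optional[str] = None  # None: the rule names no interface

def firewall_passes(in_if, out_if, layer2=False):
    """Interfaces checked on each pass of a forwarded packet, in order."""
    passes = [("layer3 in", in_if), ("layer3 out", out_if)]
    if layer2:  # net.link.ether.ipfw=1 adds one layer2 pass on each side
        passes = [("layer2 in", in_if)] + passes + [("layer2 out", out_if)]
    return passes

def queue_hits(rules, src, dst, in_if, out_if, layer2=False):
    """Queue numbers the packet is sent to, one entry per matching pass."""
    hits = []
    for _name, iface in firewall_passes(in_if, out_if, layer2):
        for rule in rules:
            if (rule.src, rule.dst) == (src, dst) and rule.via in (None, iface):
                hits.append(rule.queue)
                break  # one_pass=1: queued packet skips the remaining rules
    return hits

# Rules 01008/01009 from the thread, as posted and with "via xl0" appended.
POSTED = [Rule(1008, 64, "172.17.15.8", "172.17.1.91"),
          Rule(1009, 65, "172.17.1.91", "172.17.15.8")]
WITH_VIA = [Rule(r.number, r.queue, r.src, r.dst, via="xl0") for r in POSTED]

if __name__ == "__main__":
    # Assumed topology: 172.17.15.8 sits behind xl1, 172.17.1.91 behind xl0.
    pkt = ("172.17.15.8", "172.17.1.91", "xl1", "xl0")
    for label, rules in (("posted", POSTED), ("via xl0", WITH_VIA)):
        for l2 in (False, True):
            print(label, "layer2" if l2 else "layer3 only",
                  queue_hits(rules, *pkt, layer2=l2))
```

In this model a `via xl0` rule is still hit twice once the layer2 passes are enabled, because both outgoing passes are on xl0.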




