[ previous ] [ next ] [ threads ]
 
 From:  Victor Hiebert <vic at sfu dot ca>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  transparent bridging and traffic shaping
 Date:  Tue, 23 Nov 2004 16:46:32 -0800
Good day.  Does m0n0wall (beta or otherwise) support transparent
bridging?  A transparent bridge according to my understanding would be
a device that passes all packets from one interface to another and
vise versa. I tried setting up a bridge and NOT enabling "Enable
filtering bridge" but it seems that packets are still being blocked by
m0n0walls ipf..

$ ipfstat -i -h
0 pass in quick on lo0 from any to any
0 block in log quick from any to any with short
15 block in log quick from any to any with ipopt
0 pass in quick on fxp2 proto udp from any port = 68 to 255.255.255.255/32 port = 67
0 pass in quick on fxp2 proto udp from any port = 68 to 172.16.0.128/32 port = 67
0 block in log quick on fxp0 from 172.16.0.0/12 to any
0 block in log quick on fxp0 proto udp from any port = 67 to 172.16.0.0/12 port = 68
0 pass in quick on fxp0 proto udp from any port = 67 to any port = 68
0 block in log quick on fxp2 from !172.16.0.0/12 to any
0 block in log quick on fxp1 from !209.87.57.0/24 to any
13 skip 1 in proto tcp from any to any flags S/FSRA
0 block in log quick proto tcp from any to any
185 block in log quick on fxp2 from any to any head 100
13 pass in quick from 172.16.0.0/12 to 172.16.0.128/32 keep state group 100
2606 block in log quick on fxp0 from any to any head 200
0 block in log quick on fxp1 from any to any head 300
0 block in log quick from any to any

This being the case, I assume I could mount the flash file system on
another box and edit the default rules out?  Could I just disable ipf
entirely somehow?

Does traffic shaping require "Enable filtering bridge" (ipf
firewalling)?

Thank you.