Carson Gaspar wrote: > --On Thursday, August 10, 2006 3:27 PM +0100 Robin Breathe > <[EMAIL PROTECTED]> wrote: > >> So, back to my original question: should the pfil ipmp interface be able >> to do this, and if not, why not? Surely it just provides a logical name >> pointing to the "active" member of the ipmp group?! If this is the case, >> I don't see any reason for it not to work with fastroute. > > Back to my original answer - no. > > IPMP does not create an interface. It just manages IP aliases. So there > is no virtual interface for ipfilter to use. If you can't create such an > interface using channel bonding, you can't do what you want using ipfilter.
I'm obviously aware that IPMP does not create a system network interface. I fear you're missing the point: with "ndd -set /dev/pfil qif_ipmp_set ipmp0=ce0,qfe0" you create a logical, named *pfil* interface which can be *referenced by pfil's clients* - i.e. ipfilter. Ipfilter is monitoring traffic from or to an interface via pfil. If pfil is configured with a logical IPMP interface (the code is there to handle failovers, etc) then I don't see what the problem is. This works perfectly for filtering traffic flowing over the logical-pfil-ipmp interface (see my original post), I just can't fastroute to it. Regards, Robin -- Robin Breathe, Computer Services, Oxford Brookes University, Oxford, UK [EMAIL PROTECTED] Tel: +44 1865 483685 Fax: +44 1865 483073
signature.asc
Description: OpenPGP digital signature
