Date: Thu, 25 Oct 2001 08:13:42 +0800
From: "Jun Favoreal" <fpcf@hotmail.com>
To: sumirati@yahoo.de
Cc: questions@freebsd.org
Subject: Re: bridging without ipfw
Message-ID: <LAW2-F78HZqYW8BYXif0000715c@hotmail.com>

>From: m p <sumirati@yahoo.de>
>To: junf@wavephil.com
>CC: questions@freebsd.org
>Subject: Re: bridging without ipfw
>Date: Wed, 24 Oct 2001 11:29:42 +0200 (CEST)
>
>Rick Hunter wrote:
> >
> > Hello,
> >
> > I am running 4.3-RELEASE with the following additional
> > kernel options set on the GENERIC kernel config file:
> >
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_FORWARD
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > options IPDIVERT
> > options IPFILTER
> > options IPFILTER_LOG
> > options IPSTEALTH
> > options DUMMYNET
> > options QUOTA
> > options NMBCLUSTERS=32768
> > options BRIDGE
> >
> > Compiled kernel successfully and installed it. Add
> >
> > net.link.ether.bridge=1
> > net.inet.ip.forwarding: 1
> >
> > to sysctl.conf. Then, rebooted the machine. This is my
> > network setup
> >
> > +--------+         +----------+
> > |   PC   +A-------B+  BRIDGE  +C------[192.168.1.0/27]
> > +--------+    ^    +----------+       [   Network    ]
> >               |
> >          cross cable
> >
> > where
> >
> > A -- 192.168.1.5/27
> > B -- (no address)
> > C -- 192.168.1.30/27
> >
> > PROBLEM:
> > PC cannot ping the outside network.
> > The outside network cannot ping the PC.
> > Therefore, bridge is not working.
> >
> > I have gone through all BRIDGE documentations. And I
> > think I have followed everything (I think). Anything
> > that I missed out ???
> >
>
>Hi Rick,
>
>the default rule for ipfw is "deny all". If you had not added "allow what I
>want" to ipfw it will not forward any packets because of your rulebase.
>
>Take a look at your /etc/rc.conf and /etc/rc.firewall which type you had
>chosen and modify it to fit for you.

From sysctl -a,

net.link.ether.bridge_ipfw: 0

My understanding if this is zero is that bridged packets would not be
filtered. I made this zero to simplify things and just focus on bridging
without writing firewall rules.

With regards to the default rulebase, the ipfw default is to accept
everything. This is what I see in ipfw -a l,

65535 N N allow ip from any to any

Still the question remains, why does it not work =)