Date: Sun, 4 Feb 2001 10:59:29 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: Rich Wales <richw@webcom.com> Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: BRIDGE breaks ARP? (more info) Message-ID: <Pine.NEB.3.96L.1010204105615.65610B-100000@fledge.watson.org> In-Reply-To: <20010204062837.94849.richw@wyattearp.stanford.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 3 Feb 2001, Rich Wales wrote: > Earlier, I reported an ARP problem on a 4.2-STABLE bridge system. > > A few people wrote me privately, advising me to include a firewall rule > passing UDP packets on port 2054 to/from the IP address 0.0.0.0. > > I've tried this, but it doesn't help any. I should mention, though, > that I don't think this firewall rule is relevant in any case. > > First, the "port 2054" kludge doesn't appear to be in the networking > code any more. I grep'ed the entire -STABLE base source for any > references to UDP port 2054, and I found nothing at all except for the > commented-out line in the etc/rc.firewall file. As far as I'm aware, > bridging of non-IP packets is now controlled by the kernel's default > "ipfw" rule -- and, yes, I do have the options IPFIREWALL and > IPFIREWALL_DEFAULT_TO_ACCEPT in my configuration. There used to be a kludge that mapped the ether_header.ether_type field of non-IP packets into the UDP port number for the purposes of certain IPFW rules when bridging. This was pretty awful. :-) That kludge was removed, and the BRIDGE code now simply forwards all non-IP packets, including ARP, and does not pass them through IPFW when IPFW is enabled, making them follow the equivilent of a default pass rule. This is a kludge that I am glad to see go: I can certainly imagine the desire to support non-IP filtering in a bridge, but IPFW was not the right vehicle for that. I believe the removal of the kludge occurred along with Archie's other fixups around Jun 21, 2000, which was certainly prior to 4.2-RELEASE. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010204105615.65610B-100000>