Date: Mon, 8 Jul 2019 12:42:04 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: Eugene Grosbein <eugen@grosbein.net>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Dan Lists <lists.dan@gmail.com>
Subject: Re: Bridge Not Forwarding ARP
Message-ID: <CAHu1Y731=60gVmVxKuK6BJh1J2X80Nupk1MjAy-3P6A8eW5Tow@mail.gmail.com>
In-Reply-To: <e2b2da0a-77d4-2235-c5b5-1b677be2a37e@grosbein.net>
References: <CAPW8bZ2NaXB24p1mtH=A2f8ZukTPn7%2BPKXwUN2F0Osrn0exYNw@mail.gmail.com>
 <CAHu1Y72BjAgrM6=gFAJK6D9drAqda_oKz1V=cA4Ex18=fdFAQQ@mail.gmail.com>
 <CAPW8bZ3PE20dCaeddfBGA1FOobCa%2BHAxLVeHgvjKp9%2BB_TapkQ@mail.gmail.com>
 <9e33c592-bd64-277e-6c21-fdeba7e44a94@grosbein.net>
 <CAHu1Y70R%2BBwiKTLoA0KqK2xJ5YpcM_O2ApNoackm_izEFP0DJA@mail.gmail.com>
 <e2b2da0a-77d4-2235-c5b5-1b677be2a37e@grosbein.net>

On Mon, Jul 8, 2019 at 11:22 AM Eugene Grosbein <eugen@grosbein.net> wrote:

> 09.07.2019 0:43, Michael Sierchio wrote:
>
> > On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein <eugen@grosbein.net> wrote:
> >
> > 09.07.2019 0:19, Dan Lists wrote:
> >>
> >>> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio <kudzu@tenebras.com> wrote:
> >>>
> >>>> What's your firewall ruleset look like? (show, don't tell)
> >>> The firewall is off for testing (the machine is only on a private network).
> >>> # ipfw list
> >>> 65535 allow ip from any to any
> >>>> What does sysctl report on the interfaces and on arp?
> >>> I have not changed any settings.
> >>
> >> Show output of ifconfig for the bridge and for its members, too.
> >> I suppose some misconfiguration like IP address assigned to member
> >> interfaces that is wrong.
> >> All IP addresses need to be moved to the bridge interface itself.
> >>
> >>
> > Does 'ip' in ipfw match arp packets?
>
> We have net.link.bridge.ipfw_arp that defaults to 0 (false):
>
> $ sysctl -d net.link.bridge.ipfw_arp
> net.link.bridge.ipfw_arp: Filter ARP packets through IPFW layer2
>
> If one changes it to 1 so ipfw would get bridged ARP frames,
> then answer to your question should depend on value of net.link.ether.ipfw
> (0 by default)
> as ARP packets have no IP header. So if you change so many sysctls, you
> will be able
> to filter ARP frames with "ip" keyword as "ip" equals to "all" in ipfw.
>
>
Right, thanks, and Dan's sysctl output has net.link.bridge.ipfw_arp: 0

-- 
"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata