From: Geoff Roberts
Organization: Australian Projects
To: freebsd-questions@freebsd.org
Date: Thu, 18 Jun 2009 23:45:43 +1000
Subject: Configuring VLANs - Why is IP address required on NIC connected to Trunk?

Hi,

I am currently using FreeBSD 7.2 - although the configuration below was originally configured on FreeBSD 7.0.

I have a working VLAN configuration - two VLANs on one interface. Let's call the interface ext0 and the VLANs bound to this interface vlan0 and vlan1.

The interface ext0 is actually a symbolic name for the real interface (NIC) - done using ifconfig_em0_name="ext0" in rc.conf.

I find I have to give the ext0 interface an IP address in order for routing and packet filtering to work on the attached VLANs.

a) Is there a way to configure this so that I don't have to give ext0 an IP address? In reality ext0 actually does nothing and has no traffic directed to or from it. I would much rather have ext0 without an IP address, as then I don't have to worry about firewall rules etc.

b) If I do have to give the ext0 interface an IP address, are there any general standards on IP address and mask to specify?

c) Should I also specify firewall rules in pf such as the following, or will these rules cause other things to break?

    block in on ext0 from any to (ext0)
    block out on ext0 from (ext0) to any

Kind regards,

Geoff