From owner-freebsd-net@FreeBSD.ORG  Wed May  4 15:16:29 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C07E316A4CE
	for <net@freebsd.org>; Wed,  4 May 2005 15:16:29 +0000 (GMT)
Received: from 62-15-215-178.inversas.jazztel.es
	(62-15-215-178.inversas.jazztel.es [62.15.215.178])
	by mx1.FreeBSD.org (Postfix) with ESMTP id ACB0D43D49
	for <net@freebsd.org>; Wed,  4 May 2005 15:16:28 +0000 (GMT)
	(envelope-from josemi@freebsd.jazztel.es)
Received: from redesjm.local (orion.redesjm.local [192.168.254.16])
	j44FFMGK001757
	for <net@freebsd.org>; Wed, 4 May 2005 17:15:22 +0200 (CEST)
	(envelope-from josemi@freebsd.jazztel.es)
Received: from localhost (localhost [[UNIX: localhost]])
	by redesjm.local (8.13.3/8.13.3/Submit) id j44FFM5H095234
	for net@freebsd.org; Wed, 4 May 2005 17:15:22 +0200 (CEST)
	(envelope-from josemi@freebsd.jazztel.es)
X-Authentication-Warning: orion.redesjm.local: josemi set sender to
	josemi@freebsd.jazztel.es using -f
From: Jose M Rodriguez <josemi@freebsd.jazztel.es>
Organization: Redes JM
Date: Wed, 4 May 2005 17:15:21 +0200
User-Agent: KMail/1.8
References: <20050502200413.GB46745@genius.tao.org.uk>
	<20050504142425.GB710@genius.pact.cpes.susx.ac.uk>
	<200505041647.33609.josemi@freebsd.jazztel.es>
In-Reply-To: <200505041647.33609.josemi@freebsd.jazztel.es>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-13"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
To: "Undisclosed.Recipients": ;
Message-Id: <200505041715.22110.josemi@freebsd.jazztel.es>
X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-3; AVE: 6.30.0.12;
	VDF: 6.30.0.157; host: antares.redesjm.local)
cc: net@freebsd.org
Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 15:16:29 -0000

El Mi=E9rcoles, 4 de Mayo de 2005 16:47, Jose M Rodriguez escribi=F3:
> El Mi=E9rcoles, 4 de Mayo de 2005 16:24, Josef Karthauser escribi=F3:
> > It appear that ipfw doesn't work with bridge in 5.3 and 5.4.  The
> > symptoms are that the bridge stops forwarding packets altogether,
> > for me a few minutes after it is set up.  It takes a
> >
> > # net.link.ether.bridge_ipfw=3D0 && sleep 5 &&
> > net.link.ether.bridge_ipfw=3D1
> >
> > to get it back up and running, which it does, but only for a few
> > minutes before it stops working again.  The five second sleep is
> > sometimes too long, and sometimes not enough time.
> >
> > Would someone in the know be able to help me to trouble shoot it?
> > (I'm scared of ipfw! :).
> >
> > Thanks!
> > Joe
>
> Are your rules stopping arp or so?  Remember make pass this kind of
> traffic at layer2.
>

sorry, forgot the rule.  Try something like this at the beginning of=20
your ruleset:

pass not ip from any to any layer2

=2D-
  josemi