Message-ID: <3CFB57AB.5090503@qbrick.com>
Date: Mon, 03 Jun 2002 13:48:59 +0200
From: Johan Björk
To: freebsd-stable@FreeBSD.ORG
Subject: Re: Bridge and ARP problem
References: <3CFA5F70.9020000@qbrick.com> <20020602114514.G20911@blossom.cjclark.org>

Hi,

OK, sorry if I didn't explain my problem better. Here we go:

One box: 4 NICs, xl0, xl1, xl2, dc0

xl0 and dc0 are the bridge. None of these interfaces have an IP address.
xl0 is connected to the same switch as xl2. xl2 is my "outside"
interface for my LAN. On xl1 I have DHCPd, IPnat is sending the traffic
to xl2.

    map xl2 10.105.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
    map xl2 10.105.1.0/24 -> 0.0.0.0/32 portmap auto
    map xl2 10.105.1.0/24 -> 0.0.0.0/32

The bridge (xl0 and dc0) is working. But in log/messages I get the ARP
errors.

[Internet]
    |
    |
[ Switch ]---[xl0;No IP]-bridge-[dc0;No IP]---[DMZ Switch]
    |
    |
[xl2 Outside interface LAN; With IP: XX.XXX.XXX.XX]
    |
    |
[xl1 Inside interface LAN; With IP: 10.105.1.1]

Sysctl:

    net.link.ether.bridge_cfg: xl0:0,dc0:0
    net.link.ether.bridge: 1
    net.link.ether.bridge_ipf: 1

My ipf.rules only allow tcp/udp in to the DMZ. No other protocol.

Best regards,
Johan Björk

Crist J. Clark wrote:
> On Sun, Jun 02, 2002 at 08:09:52PM +0200, Johan Björk wrote:
>
>>Hi folks,
>>
>>I have a working firewall using BRIDGE and ipfilter (Patch from:
>>http://people.freebsd.org/~cjc/).
>>
>>But when I installed two more NIC's for our LAN I see some errors. I
>>have a real IP-address on LAN outside interface, using ipnat for our
>>traffic.
>>I see:
>>/kernel: arp: 00:01:02:8a:72:d8 is using my IP address XX.XXX.XXX.XX
>>
>>(XX = outside IP-address) The mac-address is the outside interface of
>>the DMZ-bridge. Both outside interfaces are connected to the same switch.
>>
>>The network setup:
>>
>>[Internet]
>>    |
>>    |
>>[ Switch ]----[Outside interface DMZ; No Ip-address assign]
>>    |
>>    |
>>[ Outside interface LAN]
>
>
> I don't understand this diagram. Where is the FreeBSD bridge in
> question? Who has the IP address XX.XXX.XXX.XX? What IP addresses are
> assigned to the bridges interfaces?