Date: Wed, 4 May 2005 18:18:51 +0100
From: Josef Karthauser <joe@FreeBSD.org>
To: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
Cc: net@freebsd.org
Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4)
Message-ID: <20050504171851.GB1863@genius.tao.org.uk>
In-Reply-To: <1115226802.49427.16.camel@buffy.york.ac.uk>
References: <20050502200413.GB46745@genius.tao.org.uk> <20050502202122.GC46745@genius.tao.org.uk> <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> <1115226802.49427.16.camel@buffy.york.ac.uk>

On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
>
> I believe I am seeing similar problems to you, though uptime for me is
> generally measurable in days rather than minutes. I've found that
> adding an explicit "allow all from any to any" and then removing it
> again seems to get it working. I will test your solution when mine
> fails again.
>
> The comment about arp is an interesting one, I will see what I can find
> out. I have however seen situations where (eg) UDP DNS through the
> bridge works but web traffic or terminal services etc may not.
>
> If you want to share firewall rules and other configuration with me
> off-list to see if there are any similarities I'd be happy to help.
>

It appears that the solution is obtained by adding the rule:

    allow ip from any to any layer2 mac-type arp

to the beginning of the firewall list. IPFW2 drops non-IP traffic
whereas IPFW1 passes it through. This is the reason why my configuration
stopped working after the upgrade.

Joe
--
Josef Karthauser (joe@tao.org.uk)            http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)      http://www.uk.FreeBSD.org/
Physics Particle Theory (student)            http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
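
The rule placement described in the message above, turned into a ruleset check. This is an added example, not part of the original e-mail or of FreeBSD. The function name `arp_rule_status`, the status words and both sample rulesets are constructed for illustration, and the input is assumed to be text in `ipfw list` format.

```shell
#!/bin/sh
# Classify an ipfw ruleset (text in `ipfw list` format on stdin) for bridged ARP:
#   ok      - an allow rule for layer2 ARP frames precedes every deny-type rule
#   late    - such a rule exists, but a deny-type rule is listed ahead of it
#   missing - no such rule at all
# Conservative heuristic (assumption): any deny-type rule ahead of the ARP rule
# is flagged for review, whether or not it could actually match an ARP frame.
arp_rule_status() {
    awk '
        $1 !~ /^[0-9]+$/ { next }          # skip anything that is not "NNNNN action ..."
        {
            action = $2; has_l2 = 0; is_arp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "layer2") has_l2 = 1
                if ($i == "mac-type") {    # value may be a comma list, by name or in hex
                    n = split($(i + 1), t, ",")
                    for (j = 1; j <= n; j++)
                        if (t[j] == "arp" || t[j] == "0x0806") is_arp = 1
                }
            }
            if (!seen_allow && has_l2 && is_arp && action ~ /^(allow|accept|pass|permit)$/) {
                seen_allow = 1
                if (seen_deny) late = 1
            }
            if (action ~ /^(deny|drop|reject|reset|unreach)$/) seen_deny = 1
        }
        END {
            if (!seen_allow) print "missing"
            else if (late)   print "late"
            else             print "ok"
        }
    '
}

# Constructed sample rulesets (not taken from the thread).
BEFORE='00100 allow ip from any to any via lo0
00200 allow tcp from any to any 80
65535 deny ip from any to any'

AFTER='00050 allow ip from any to any layer2 mac-type arp
00100 allow ip from any to any via lo0
00200 allow tcp from any to any 80
65535 deny ip from any to any'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | arp_rule_status)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | arp_rule_status)"
```

On a live bridge the same function can be fed with `ipfw list | arp_rule_status`.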