Date: Thu, 25 Dec 2003 12:52:12 -0800
From: "Bruce A. Mah" <bmah@FreeBSD.org>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: freebsd-net@FreeBSD.org
Subject: Re: bridge with access on both interfaces
Message-ID: <20031225205212.GA64786@intruder.kitchenlab.org>
In-Reply-To: <Pine.BSF.3.96.1031224025136.14168A-100000@gaia.nimnet.asn.au>
References: <Pine.BSF.3.96.1031224025136.14168A-100000@gaia.nimnet.asn.au>

If memory serves me right, Ian Smith wrote:

> In short, ifconfig appears unwilling to have two NICs covering the same
> /24. Can this be set up? I'm also at a bit of a loss with the routing,
> so inside packets to the bridge box (ie unbridged packets) are responded
> to on the same interface, and outside unbridged packets go only to/from
> the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
> response problem also, perhaps; no responses on the inside iface at all.

Hi Ian--

This may or may not be the source of your problem, but I've been procrastinating on writing this up for a couple months and this was the impetus that pushed me over the edge.

In 4-STABLE, there's a bug that prevents ARP from working correctly on unnumbered bridge interfaces when bridging is enabled using the bridge.ko module. Basically, there are some checks in the ARP code that decide when to accept inbound ARP packets. These checks are a little different when the inbound interface is part of a bridge group. Some of these tests are conditional on the BRIDGE preprocessor symbol; this symbol gets defined if "options BRIDGE" is compiled into the kernel but not if you use the bridge.ko module. As a result, ARP packets on unnumbered interfaces get thrown away.

The workaround for this problem is just to compile BRIDGE into the kernel.

Manuel Kasper and I spent a few cycles working on this trying to make a m0n0wall box into a filtering bridge. For more specifics, see src/sys/netinet/if_ether.c (grep for BRIDGE in this file).

Merry Christmas!

Bruce.
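
The failure mode described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD source: a simplified model of an ARP accept check whose bridge-aware branch depends on a compile-time symbol. The struct, the function names, the exact shape of the check and the sample address are assumptions made for illustration; the real logic is in src/sys/netinet/if_ether.c.

```c
/* Simplified model (added example, not FreeBSD source): why an ARP request
 * arriving on an unnumbered bridge member is dropped when the bridge-aware
 * test is compiled out. Struct and function names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct local_addr { int ifindex; uint32_t ip; };   /* one configured address */

static int do_bridge = 1;          /* runtime switch: bridging is enabled */

/* Kernel built with "options BRIDGE": the symbol is defined when the ARP
 * code is compiled, so the test follows the runtime switch. */
static int bridge_test_compiled_in(void) { return do_bridge; }

/* bridge.ko loaded into a kernel built without the option: the symbol was
 * undefined when the ARP code was compiled, so the test is constant 0. */
static int bridge_test_module_only(void) { return 0; }

/* Accept the request if the target IP is ours and either the address lives
 * on the receiving interface or the bridge-aware test allows any member. */
static int arp_accept(const struct local_addr *la, size_t n,
                      int rx_if, uint32_t target_ip, int bridge_test)
{
    for (size_t i = 0; i < n; i++)
        if ((bridge_test || la[i].ifindex == rx_if) && la[i].ip == target_ip)
            return 1;
    return 0;   /* no match: the packet is thrown away */
}

/* Constructed scenario: interface 1 holds 192.0.2.10, interface 2 is an
 * unnumbered member of the same bridge group. */
static int scenario(int rx_if, int bridge_test)
{
    static const struct local_addr addrs[] = { { 1, 0xC000020Au } };
    return arp_accept(addrs, 1, rx_if, 0xC000020Au, bridge_test);
}

int main(void)
{
    printf("compiled in, rx on numbered if:   %d\n", scenario(1, bridge_test_compiled_in()));
    printf("compiled in, rx on unnumbered if: %d\n", scenario(2, bridge_test_compiled_in()));
    printf("module only, rx on numbered if:   %d\n", scenario(1, bridge_test_module_only()));
    printf("module only, rx on unnumbered if: %d\n", scenario(2, bridge_test_module_only()));
    return 0;
}
```

Only the last case returns 0: the request reaches the unnumbered member, no address is bound to that interface, and with the bridge test compiled out nothing else can match.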