From: Joseph Ward
Date: Mon, 8 Jul 2019 20:52:36 -0400
To: freebsd-net@freebsd.org
Subject: Re: Bridge Not Forwarding ARP

I had this exact issue while VirtualBox had a guest network adapter bridged
to the external interface that the FreeBSD bridge0 interface was bridged to.
If I shut down the VMs, ARP magically started working bidirectionally, and
after restarting the VMs it failed again.

My fix was eventually to just have 2 external NICs; one exclusively for the
VirtualBox systems. I have no idea if you have a VirtualBox guest present,
but if so that was my fix. The issue occurred on both igb and re NICs.

-Joseph

On 2019-07-08 12:13, Dan Lists wrote:
> I have a server running FreeBSD 11.2 that I am wanting to use as a bridged
> firewall. I have it set up and it mostly works.
> The problem is that ARP replies are not being forwarded from the outside
> interface to the inside interface. It appears to be working in the other
> direction. I see the ARP request go out on the outside interface and the
> reply arrives back at the outside interface. The ARP reply is never
> getting to the bridge or to the inside interface.
>
> The firewall server and the device behind it are in ESX. I think I've
> worked all the ESX issues out. When I manually add an ARP entry everything
> works. I've done this before with a physical server running FreeBSD 8.4
> and it works as expected. The differences are physical vs virtual, and
> 8.4 vs 11.2.
>
> I'm at a loss as to why it is not working. I've searched the web and
> found nothing. If anyone could offer suggestions on how to fix this or
> begin to debug it I would greatly appreciate it.
>
> Thanks,
>
> Dan