From owner-freebsd-net  Tue Nov 24 06:22:20 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA27443
          for freebsd-net-outgoing; Tue, 24 Nov 1998 06:22:20 -0800 (PST)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id GAA27438
          for <freebsd-net@freebsd.org>; Tue, 24 Nov 1998 06:22:18 -0800 (PST)
          (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id NAA05659; Tue, 24 Nov 1998 13:26:31 +0100
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199811241226.NAA05659@labinfo.iet.unipi.it>
Subject: Re: bridging hints?
To: alden@math.ohio-state.edu (Dave Alden)
Date: Tue, 24 Nov 1998 13:26:31 +0100 (MET)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <19981123133825.A5023@zaphod.mps.ohio-state.edu> from "Dave Alden" at Nov 23, 98 01:38:06 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> That's what I'm trying to do.  :-)  What I meant by "client" was that I
> set "firewall_type" to "client" in rc.conf.

> It doesn't make a difference.  I've gotten a little bit further.  Here's my
> setup:
> 
>     Hub_1
>     |   |
>     A  Hub_2
>        | | |
>        B C D
>            |
>            E
> 
...
> If I telnet from B to E, I get the following syslog'ed on D:
> 
> Nov 23 13:04:54 D /kernel: ipfw: 100 Deny TCP B:1114 E:23 out via fxp1
> 
> Which is what I'd expect.  If I telnet from C (or A) to E, I get the
> following syslog'ed on D:
> 
> ipfw: 200 Accept TCP C E out via fxp1 Fragment = 64
> ipfw: 200 Accept TCP C E out via fxp1 Fragment = 64
> ipfw: 200 Accept TCP C E out via fxp1 Fragment = 64
> ipfw: 200 Accept TCP C E out via fxp1 Fragment = 64
> Nov 23 13:06:23 D /kernel: ipfw: 200 Accept TCP C E out via fxp1 Fragment = 64
> 
> I ran snoop (Solaris packet sniffer) and as far as I can tell, the packets
> coming from C (and A) are not fragmented.  Have I misconfigured something?
> Any ideas?  Help?  :-)

it is really curious that B and C behave differently. Do you have a
tcpdump/snoop output to see what options are carried by the packets ?

	luigi
> ps  I'm running 2.2.7-stable -- should I be running 2.2-current?

there is no 2.2-current, -current is on the 3.0 branch and there is no
bridging in that branch (yet)

	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message