From owner-freebsd-stable Sun Jun 2 11:45:22 2002 Delivered-To: freebsd-stable@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 0DFAD37B405 for ; Sun, 2 Jun 2002 11:45:16 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020602184515.EUZP11659.rwcrmhc53.attbi.com@blossom.cjclark.org>; Sun, 2 Jun 2002 18:45:15 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g52IjEY33281; Sun, 2 Jun 2002 11:45:14 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sun, 2 Jun 2002 11:45:14 -0700 From: "Crist J. Clark" To: =?iso-8859-1?Q?Johan_Bj=F6rk?= Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Bridge and ARP problem Message-ID: <20020602114514.G20911@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <3CFA5F70.9020000@qbrick.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <3CFA5F70.9020000@qbrick.com>; from johan.bjork@qbrick.com on Sun, Jun 02, 2002 at 08:09:52PM +0200 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Jun 02, 2002 at 08:09:52PM +0200, Johan Björk wrote: > Hi folks, > > I have a working firewall using BRIDGE and ipfilter (Patch from: > http://people.freebsd.org/~cjc/). > > But when I installed two more NIC's for our LAN I see some errors. I > have a real IP-address on LAN outside interface, using ipnat for our > traffic. > I see: > /kernel: arp: 00:01:02:8a:72:d8 is using my IP address XX.XXX.XXX.XX > > (XX = outside IP-address) The mac-address is the outside interface of > the DMZ-bridge. Both outside interfaces are connected to the same switch. > > The network setup: > > [Internet] > | > | > [ Switch ]----[Outside interface DMZ; No Ip-address assign] > | > | > [ Outside interface LAN] I don't understand this diagram. Where is the FreeBSD bridge in question? Who has the IP address XX.XXX.XXX.XX? What IP addresses are assigned to the bridges interfaces? > Why does my bridge think it have an IP-address? The setup is working, > so I don´t know why I get this errors. > > System: > FreeBSD 4.5-STABLE-20020502 > > rc.conf: > ipfilter_enable="YES" > ipfilter_flags="" > ipnat_enable="YES" > gateway_enable="YES" You probably don't need 'gateway_enable.' Where are you turning on and configuring the bridging? -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message