From owner-freebsd-net@FreeBSD.ORG  Wed Jul 30 10:54:51 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0185237B401
	for <freebsd-net@freebsd.org>; Wed, 30 Jul 2003 10:54:51 -0700 (PDT)
Received: from endikos.com (endikos.com [216.234.204.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5917A43F3F
	for <freebsd-net@freebsd.org>; Wed, 30 Jul 2003 10:54:50 -0700 (PDT)
	(envelope-from webmaster@endikos.com)
Received: from psiuserswknechtel (psi-user-wknechtel.nmsu.edu
	[::ffff:128.123.211.68])
	by endikos.com with esmtp; Wed, 30 Jul 2003 17:19:22 -0600
From: "William Knechtel" <webmaster@endikos.com>
To: "'Don Bowman'" <don@sandvine.com>, freebsd-net@freebsd.org
Date: Wed, 30 Jul 2003 11:54:45 -0600
Message-ID: <004c01c356c3$ab9fe4a0$44d37b80@ad.psinp.org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C853370274206D@mail.sandvine.com>
Subject: RE: Help with FreeBSD Bridged Firewall
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2003 17:54:51 -0000

Yeah, the arp cache is the problem, thanks for nailing that one for me.
However, the ipfw rule you supplied doesn't seem to want to work for
me...  I think for the time being I'll just run a cron job every 15
minutes or so that clears the arp cache completely.  Thanks again for
your help!!  I really appreciate it!

Kindest Regards,
Bill

-----Original Message-----
From: Don Bowman [mailto:don@sandvine.com] 
Sent: Tuesday, July 29, 2003 7:33 PM
To: 'William Knechtel'; freebsd-net@freebsd.org
Subject: RE: Help with FreeBSD Bridged Firewall

> From: William Knechtel [mailto:webmaster@endikos.com]

I think you need to allow arp through this device, something 
like:
ipfw add 30 allow layer2 mac-type arp
[not sure which rule to insert it at].

I'm guessing your arp cache is timing out.