Date: Mon, 24 Apr 2023 13:38:29 +0100 From: rb@gid.co.uk To: Tomek CEDRO <tomek@cedro.info> Cc: FreeBSD Hackers <freebsd-hackers@FreeBSD.org> Subject: Re: Host address zero vs bridge, carp and nat Message-ID: <8B45B85E-06E3-4FF3-9168-13A6D85DE38D@gid.co.uk> In-Reply-To: <CAFYkXjnqM=iry%2B%2BodCfTTC9W=KQife0nNVx%2BS5K9VuvPy9Dbdg@mail.gmail.com> References: <BFC2AEDB-4245-4B01-BBC0-9582D5CAC63E@gid.co.uk> <CAFYkXjnqM=iry%2B%2BodCfTTC9W=KQife0nNVx%2BS5K9VuvPy9Dbdg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > On 24 Apr 2023, at 03:15, Tomek CEDRO <tomek@cedro.info> wrote: >=20 > On Mon, Apr 24, 2023 at 12:00=E2=80=AFAM Bob Bishop wrote: >> (..) >> doesn=E2=80=99t pass traffic through the bridge. The NAT is in-kernel = via ipfw and there are firewall rules in play but they do not seem to be = a factor. >=20 > Have you tried sysctl ? > net.link.bridge.ipfw=3D0 > net.link.bridge.pfil_bridge=3D0 > net.link.bridge.pfil_member=3D0 Interesting. Setting net.link.bridge.pfil_member=3D0 seems to fix it = with no other change. So looks like it=E2=80=99s a libalias/pfil thing = with the zero host address. Need net.link.bridge.pfil_bridge=3D1 for ipfw to work at all. net.link.bridge.ipfw=3D0. > --=20 > CeDeROM, SQ7MHZ, http://www.tomek.cedro.info >=20 -- Bob Bishop rb@gid.co.uk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8B45B85E-06E3-4FF3-9168-13A6D85DE38D>