From owner-freebsd-net Mon Feb 5 22:35:36 2001
Delivered-To: freebsd-net@freebsd.org
Received: from syncopation-01.iinet.net.au (syncopation-01.iinet.net.au [203.59.24.37])
    by hub.freebsd.org (Postfix) with SMTP id BB99F37B4EC
    for ; Mon, 5 Feb 2001 22:35:17 -0800 (PST)
Received: (qmail 12454 invoked by uid 666); 6 Feb 2001 06:39:52 -0000
Received: from reggae-03-98.nv.iinet.net.au (HELO elischer.org) (203.59.78.98)
    by mail.m.iinet.net.au with SMTP; 6 Feb 2001 06:39:52 -0000
Message-ID: <3A7F8C60.D0AA954B@elischer.org>
Date: Mon, 05 Feb 2001 21:32:16 -0800
From: Julian Elischer
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386)
X-Accept-Language: en, hu
MIME-Version: 1.0
To: Rich Wales
Cc: Luigi Rizzo , patrick@netzuno.com, freebsd-net@FreeBSD.ORG, julian@FreeBSD.ORG
Subject: Re: BRIDGE breaks ARP? (more info)
References: <20010205215641.59637.richw@wyattearp.stanford.edu>
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rich Wales wrote:
>
> Luigi Rizzo wrote:
>
> > it looks like it essentially reverts to the old (1.75) behaviour,
> > . . . when bridging is compiled in (and now, when bridging is
> > enabled), arp requests do not consider the interface from which
> > the request came from. . . . there are some cases where you are
> > doing bridging separately on clusters of interfaces, . . .
>
> In my case, I want to maintain two distinct clusters on my bridge --
> one cluster with publicly accessible IP addresses (part of the Internet
> at large), and another cluster with private IP addresses (for a local
> network that is allowed to access the Internet only through proxies).
>
> If I implement Julian's mod in my bridge, am I going to run into
> problems with misdirected ARP packets? Or should I be safe because
> my two clusters are dealing with completely separate groups of IP
> addresses (one external, the other internal)?

The fix is to leave the behaviour as it was before in the case where
bridging is enabled and to make it behave as if bridging is not
compiled in when it is disabled. The behaviour in both these cases is
defined by previous behaviour.

If you want two totally separate bridged networks, then netgraph
bridging already does that. Just define 2 bridge nodes and connect them
to the appropriate interfaces.

Instead of trying to fix the old bridging, which was written when
netgraph was not publicly available (it was as good as could be done at
the time, but it was like trying to fit a square peg into a round
hole.... a hack at best), the same effort should be put into making
netgraph bridging do what is needed by different people. It will be a
lot easier and a lot more useful in the end.

>
> Rich Wales richw@webcom.com http://www.webcom.com/richw/

--
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/
            v
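
The "define 2 bridge nodes" suggestion above, sketched as an added example (not part of the original message and not FreeBSD's own script): it prints the ngctl(8) commands for one ng_bridge(4) node per cluster and refuses to proceed if an interface is listed in both clusters. The interface names (fxp0, fxp1, dc0, dc1) and node names (pubbr, privbr) are assumptions.

```shell
#!/bin/sh
# Added example: one ng_bridge(4) node per cluster, so frames (ARP included)
# are only forwarded between interfaces attached to the same node.
# Interface and node names below are assumptions for illustration.

# bridge_cmds NAME IFACE... : print the ngctl commands for one bridge node
bridge_cmds() {
    name=$1; first=$2; shift 2
    # Create the bridge node on the first interface's "lower" hook, then name it.
    echo "ngctl mkpeer ${first}: bridge lower link0"
    echo "ngctl name ${first}:lower ${name}"
    # The "upper" hook keeps the host's own stack reachable via that interface.
    echo "ngctl connect ${first}: ${name}: upper link1"
    link=2
    for ifc in "$first" "$@"; do
        if [ "$ifc" != "$first" ]; then
            echo "ngctl connect ${ifc}: ${name}: lower link${link}"
            link=$((link + 1))
        fi
        # Bridged ports must accept all frames and must not rewrite source MACs.
        echo "ngctl msg ${ifc}: setpromisc 1"
        echo "ngctl msg ${ifc}: setautosrc 0"
    done
}

# check_disjoint "IFACES_A" "IFACES_B" : fail if any interface is in both lists
check_disjoint() {
    for a in $1; do
        for b in $2; do
            if [ "$a" = "$b" ]; then
                echo "interface $a is in both clusters" >&2
                return 1
            fi
        done
    done
    return 0
}

PUBLIC="fxp0 fxp1"     # assumed: ports on the public-address cluster
PRIVATE="dc0 dc1"      # assumed: ports on the private-address cluster
if check_disjoint "$PUBLIC" "$PRIVATE"; then
    bridge_cmds pubbr $PUBLIC
    bridge_cmds privbr $PRIVATE
fi
```

The script only prints commands; review the output before running it as root on the bridge host.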