From: Bjorn Eikeland
To: "Aaron D. Gifford"
Cc: "freebsd-questions@freebsd.org"
Date: Thu, 12 Feb 2004 15:30:44 +0100
Subject: Re: 5.2 Bridging issue

On Thu, 12 Feb 2004 03:56:56 -0700 (MST), Aaron D. Gifford wrote:

> PROBLEM SUMMARY:
> ----------------
>
> I've got a bridge(4) issue on a BSD 5.2.1 box. The bridging box has
> three ethernet interfaces, two bridged together in a single cluster, and
> one connected to the internet. The box acts as a bridge for the two
> network segments, and as a router to the Internet (it's the default
> gateway). The problem is, only one of the bridged segments can
> communicate with the BSD box directly (and thus the Internet), even
> though the two segments can talk to each other just fine.
>
>
> NETWORK SET-UP:
> ---------------
>
> First, let me clue you in on my network set-up:
>
> FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:
>
>     [FreeBSD Box]
>      |    |    |
>     rl0  rl1  em0
>      |    |    |
>      |    |    +---To-Internal-Network-Segment-#1...
>      |    |
>      |    +---To-Internal-Network-Segment-#2..
>      |
>      +---Internet...
>
> Interfaces rl1 and em0 are bridged:
>
>     net.link.ether.bridge.config=em0:1,rl1:1
>
> Since they ARE bridged and so are "on the same subnet", only em0 has
> an IP address:
>
>     ifconfig em0 inet 10.10.10.1/16
>
> I don't see how or why one would need or could assign an IP on the
> same subnet to the other interface, rl1, unless it was handled like
> many alias addresses, as a /32 host address.
>
> Interface rl0 is the link to the Internet.
>
> Bridging for the most part seems to be working. Hosts on segment #1
> (via em0) are visible to hosts on segment #2 (connected via rl1). They
> can ping each other, get ARP address resolution, and pass IP traffic.
>
> All hosts use 10.10.10.1 as their default gateway to the Internet.
>
> Hosts on segment #1 can reach the Internet just fine.
>
>
> PROBLEM DETAILS:
> ----------------
>
> Hosts on segment #2 cannot seem to be able to communicate with the
> bridging/routing FreeBSD box's own IP addresses, and since it is the
> default gateway, in turn they cannot reach the Internet. No layer 2
> traffic (ARP) reaches the FreeBSD box directly (the ARP table shows
> "incomplete" for all segment #2 addresses, even though ARP packets
> DO reach segment #1 just fine, passing transparently through the
> FreeBSD box). The BSD box just can't see stuff addressed directly to it.
>
> This is NOT a firewalling or NAT issue. This is exclusively a bridging
> issue. Firewalling/NAT occurs elsewhere.
>
> So since I'm a FreeBSD bridge(4) newbie, after scouring the man page,
> reading the Handbook's information, searching various mailing list
> archives, I can't find anything useful that tells me if bridge's
> bdg_forward() knows how to handle traffic like this. Apparently it
> doesn't.
>
> So bridging is just fine if you want your BSD box hidden, transparent,
> invisible. But if you want it visible so it can act as a default gateway
> to all segments of a subnet that are bridged together, HOW DOES ONE DO
> IT?
>
> I can't ifconfig the rl1 interface with an IP on the same subnet unless
> it's a /32, and that accomplishes nothing (the IP packets are addressed
> to the IP address assigned to em0). Bridging SHOULD just bridge, so
> traffic to the BSD box's em0 IP should come in on rl1 and be processed
> by the host.
>
> Somehow the bridging code knows the MAC addresses on the segment #2 side
> of things (rl1), since it passes traffic between the two segments just
> fine. But the kernel's ARP table is totally ignorant. It can't find
> those hosts.
>
>
> REQUEST FOR HELP:
> -----------------
>
> Thanks in advance for all help, pointers, etc. If there's not a way to
> do this, then this sounds like an issue that should be added to the BUGS
> section of the bridge(4) man page.
>
> Aaron out.

Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem I
had with my bridge a while back.

Good luck!
Bjorn