From: John Nielsen
To: Aqz
Cc: freebsd-net@freebsd.org
Subject: Re: Bridge interface and ARP traffic
Date: Thu, 26 May 2016 11:13:28 -0600
Message-Id: <9746AF3A-3440-4277-9D25-E78B04A35A6D@jnielsen.net>
List-Id: Networking and TCP/IP with FreeBSD

> On May 20, 2016, at 12:30 AM, Aqz wrote:
>
> Hello,
>
> I have a very strange issue with passing ARP traffic through bridge
> interface.
> I'm using FreeBSD 10.3-REL VMware virtual machine as bridge between two
> networks using the same IP address space. Bridge interface doesn't have IP
> address assigned so it acts more like a switch between those two virtual
> networks - let's call them NET and PUB.
> Gateway for our network is in NET vlan, all the virtual machines are in the
> PUB vlan.
>
> Traffic passes through this bridge, but there are a few problems.
>
> I have to manually add static ARP table entries for gateway on all the
> machines in PUB network - I can see ARP broadcasts from machines asking
> where's the gateway, and the reply but only on one of bridged interfaces -
> the one from NET side. The response is not visible on bridge interface, nor
> the PUB vlan interface.
>
> Also, when I try to ping a machine that's in NET network from PUB network
> all network traffic suddenly stops, even when I'm pinging some nonexistent
> host. I have to use virtual console and ping for ex. DNS server, or any
> internet host to make traffic start again.
>
> I'm not sure what I'm doing wrong - I've been using a similar configuration
> before (with physical machines).
>
> Here's my ifconfig output http://aquaz.eu/bridgeifconfig.txt

The first thing to check is the hypervisor. Do you have your VM configured to allow the NICs to use promiscuous mode? Is there any kind of IP/MAC matching or filtering going on?

Next thing to check is firewall in the VM. Is IPFW or PF enabled? What is the output of "sysctl net.link.bridge"?

The ping problems are definitely weird, not sure what to think about that.

JN
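
Added example, not part of the message above: one way to read the "sysctl net.link.bridge" output the reply asks for, flagging which knobs hand bridged frames to a firewall and whether ARP is among them. The knob meanings follow if_bridge(4); the function names and the sample values are constructed for illustration and are not output from the poster's machine.

```sh
#!/bin/sh
# Added example. Reads `sysctl net.link.bridge` output ("name: value" lines)
# on stdin and reports which knobs send bridged frames through a packet
# filter, and whether ARP is filtered too.

bridge_filter_report() {
    awk -F': *' '
        $1 ~ /^net\.link\.bridge\./ {
            name = $1
            sub(/^net\.link\.bridge\./, "", name)
            v[name] = $2 + 0
        }
        END {
            hooks = ""
            # Knobs that pass bridged frames to a firewall, per if_bridge(4).
            if (v["pfil_member"]) hooks = hooks " pfil_member"
            if (v["pfil_bridge"]) hooks = hooks " pfil_bridge"
            if (v["ipfw"])        hooks = hooks " ipfw"
            print "filter-hooks:" (hooks == "" ? " none" : hooks)
            # ARP is forwarded unfiltered unless layer-2 ipfw ARP filtering
            # is on; ipfw_arp only takes effect together with ipfw.
            print "arp-filtered: " ((v["ipfw"] && v["ipfw_arp"]) ? "yes (check ipfw rules)" : "no")
            # With a filter knob on, pfil_onlyip=1 stops other non-IP frames.
            if (hooks != "" && v["pfil_onlyip"])
                print "non-ip: dropped except ARP/RARP (pfil_onlyip=1)"
        }'
}

# Constructed sample values, for running the report offline.
sample_sysctl_output() {
    cat <<'EOF'
net.link.bridge.ipfw: 0
net.link.bridge.ipfw_arp: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_local_phys: 0
EOF
}

# On the bridge VM itself: sysctl net.link.bridge | bridge_filter_report
sample_sysctl_output | bridge_filter_report
```

If "arp-filtered" reads "no" and the replies still vanish, the firewall knobs are not what is dropping ARP, which points back at the hypervisor's promiscuous-mode and MAC-filtering settings.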