Message-Id: <200110262106.f9QL6Fk46915@godzilla.fxprojects.com>
Subject: Re: Bridging issue
To: scott@lampert.org (Scott Lampert)
Date: Fri, 26 Oct 2001 14:06:15 -0700 (PDT)
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: from "Scott Lampert" at Oct 26, 2001 12:51:41 PM
From: "Michael McCaffrey"

Don't know about the error message but you don't need the third interface.
Just assign the IP to your inside interface. Anything that's not for that IP
will get bridged.

>
> I sent this question to -security last week and garnered not a single
> response so I hope that maybe I'll have better luck here.
>
> I have a box I've set up as a bridging firewall with ipfw on 4.4-RELEASE.
> It has 3 interfaces - two are bridged, without IP addresses, and the third
> has an IP address and is connected to the inside network. Basically it
> looks like this:
>
>  +----------+
>  | Internet |
>  +-*--------+
>    | 192.168.1.1/24
>    |
>    |
>    | bridge outside if
> +--*------------+
> |               |192.168.1.2/24
> | Firewall Box  *-------+
> |               |       |
> +--*------------+       |
>    | bridge inside if   |
>    |                    |
>    |                  +-+-------+         +---------------+
>    +------------------| Switch  |---------| other systems |
>                       +---------+         +---------------+
>
>
>
> I hope the poor ascii art helps rather than hinders. :) In any event, I've
> noticed after running the firewall for a few hours that I start getting the
> following message in my dmesg output:
>
> arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
> xx ouch, bdg_forward for local pkt
>
>
> The box is complaining about that third interface having its IP. It looks
> like it doesn't realize that the interface belongs to itself. Is this
> normal behavior or have I misconfigured something? Do I need to add the
> third interface to the bridge configuration somehow? This exact
> configuration runs without any complaints under OpenBSD 2.9 however for
> various reasons I'd prefer to run FreeBSD on this box. If more information
> is required I'd be more than happy to provide it. Thanks,
>
> -Scott
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

    _   _
   (_)-(_)
    (o o)
ooO--(_)--Ooo-