From owner-freebsd-pf@FreeBSD.ORG Sat Dec 3 11:44:53 2005
Message-ID: <43918534.7070001@wombatsweb.com>
Date: Sat, 03 Dec 2005 06:44:52 -0500
From: David Pierron
To: freebsd-pf@freebsd.org
In-Reply-To: <4390EEBE.5090206@freebsd.org>
Subject: Re: FBSD6 if_bridge

Bruce A. Mah on 12/02/2005 8:02 PM wrote:

>If memory serves me right, David Pierron wrote:
>
>>Ah! I applied those settings to rc.conf and got the following results:
>>
>>fxp0: flags=8943 mtu 1500
>>        options=8
>>        inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp0 prefixlen 64 scopeid 0x1
>>        ether xx:xx:xx:xx:xx:xx
>>        media: Ethernet autoselect (none)
>>        status: no carrier
>>fxp1: flags=8943 mtu 1500
>>        options=8
>>        inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp1 prefixlen 64 scopeid 0x2
>>        ether xx:xx:xx:xx:xx:xx
>>        media: Ethernet autoselect (none)
>>        status: no carrier
>
>OK, this looks better. No guarantees but I'm pretty sure it would never
>have worked before. Hopefully this will at least get you closer.

Bah! Left my IP address in there, but heck ... Who can't look at email
headers?

>> can't wait until the wee hours to test this! They do seem to have
>>IPV6 addresses ... Can I shut that off? Comment out IPV6 in the
>>kernel? I don't need IPV6 ...
>
>If you really want them gone, then you probably need to comment out IPv6
>from your kernel.

Since I don't need it at all, I think good to remove from the kernel so
nothing is an issue ... Saves me on the ruleset typing and it won't
generate those rules needlessly ... While composing I was compiling the
new kernel ... Commenting out IPV6 and removing "inet" from the rule did
the trick ... It no longer produces 2 rules ...

>>Anyway, I'll report on the ifconfig_inf(x)="up" and see if that is the ticket ...
>
>Looking forward to hearing the good news...

Excuse my French but, OMFG! That was it! I had seen that as part of the
OBSD setup ... but I thought that was the way OBSD worked or something
because these statements were not necessary for the IPFW BRIDGE setup I
have in place now ...

I stuffed those CAT5 puppies into the NICs for about 5 minutes maybe ...
Got 4100 lines of blocks from the two interfaces ... (They were all
"block in" btw) ...
Here I thought there wasn't that much traffic at this time of the AM ...
Now will compose a ruleset before I start using it again ...

Viewing with tcpdump -n -e -ttt -r /var/log/pflog ... WAY more detailed
than the IPFW BRIDGE ... Just seeing the DNS queries to the name servers
... NEAT! I even see how noisy the Windows machines are ... so many
broadcasts ... I have a colo here, and I see he has DHCP running ...
Why? I will ask him later today ...

Thanks ever so much! I popped your name in the HOW-TO I am creating @
http://test.davidpierron.com/fbsd-pf.php
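
An added example, not part of the original message: a small Python summarizer for the output of the `tcpdump -n -e -ttt -r /var/log/pflog` command mentioned above. It counts logged packets per action, direction, interface and destination port, which helps when composing a ruleset from thousands of "block in" entries. The sample lines are constructed, and the line layout is an assumption (the rule header differs slightly between tcpdump versions); IPv4 only.

```python
import re
import sys
from collections import Counter

# Constructed sample lines (assumed layout of tcpdump -n -e -ttt on a pflog file).
SAMPLE = """\
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
00:00:00.000000 rule 0/0(match): block in on fxp0: 192.0.2.21.137 > 192.0.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
00:00:00.000412 rule 0/0(match): block in on fxp1: 192.0.2.30.51515 > 198.51.100.53.53: 4242+ A? example.org. (29)
00:00:00.002113 rule 0/0(match): block in on fxp1: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
00:00:00.000731 rule 0/0(match): block in on fxp0: 192.0.2.21.137 > 192.0.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
00:00:00.000090 rule 0/0(match): block in on fxp0: 192.0.2.21 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
"""

# Anchor on the pf header ("rule N...: block in on ifc:"), not on the timestamp,
# so the -t/-tt/-ttt variants all parse the same way.
LINE = re.compile(
    r"rule (?P<rule>\d+)\S*:? (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\w+): (?P<src>\S+) > (?P<dst>[^:\s]+):"
)

def split_endpoint(endpoint):
    """Split tcpdump's 'a.b.c.d.port' form; ICMP and similar carry no port."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), parts[4]
    return endpoint, None

def summarize(lines):
    """Count logged packets per (action, direction, interface, dst port)."""
    counts, unparsed = Counter(), 0
    for line in lines:
        match = LINE.search(line)
        if match is None:
            unparsed += bool(line.strip())  # blank lines are not counted
            continue
        _, dport = split_endpoint(match["dst"])
        counts[(match["action"], match["dir"], match["ifc"], dport)] += 1
    return counts, unparsed

if __name__ == "__main__":
    # Pipe tcpdump output in, or run with no input to see the constructed sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    counts, unparsed = summarize(source)
    for (action, direction, ifc, dport), n in counts.most_common():
        print(f"{n:6d}  {action} {direction} on {ifc}  dst port {dport or '-'}")
    print(f"{unparsed} line(s) not recognised")
```

The busiest destination ports at the top of the list (NetBIOS broadcasts, DNS, DHCP in the sample) are the ones to decide on first when writing pass or quiet block rules.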