From owner-freebsd-security  Wed Mar 28 10:29:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sherline.com (sherline.net [216.120.87.2])
	by hub.freebsd.org (Postfix) with SMTP id E7B9537B724
	for <security@FreeBSD.ORG>; Wed, 28 Mar 2001 10:29:30 -0800 (PST)
	(envelope-from data@irev.net)
Received: (qmail 22274 invoked from network); 28 Mar 2001 18:29:29 -0000
Received: from server.sherline.net (HELO server2) (basharteg@216.120.87.3)
  by sherline.net with SMTP; 28 Mar 2001 18:29:29 -0000
Message-ID: <002d01c0b7b5$11692180$035778d8@sherline.net>
From: "Jeremiah Gowdy" <data@irev.net>
To: "Peter Pentchev" <roam@orbitel.bg>,
	"Mason Harding" <mharding@marketnews.com>
Cc: <security@FreeBSD.ORG>
References: <20010328111618.C9865@pir.net> <BGENLPKDCIBENFNNNAIDIENBCAAA.mharding@marketnews.com> <20010328211608.A10861@ringworld.oblivion.bg>
Subject: Re: Bridging and IPF
Date: Wed, 28 Mar 2001 10:29:40 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, Mar 28, 2001 at 12:54:36PM -0500, Mason Harding wrote:
> > Hi.  Has anyone had much luck with Bridging and IPF?  As soon as I
enable
> > bridging both IPF and IPFW stop filtering at all.  If I set them both to
> > deny everything, they still let all packets pass.  When I set
> > net.link.ether.bridge_ipfw=1 my system sits there for a second and then
the
> > kernel crashes and reboots the machine.  I can get
> > net.link.ether.bridge_ipfw set to 1 without a crash if I have no IP
address
> > on any of the bridged interfaces, but I need an IP address so I can use
my
> > external syslog server and ssh into the firewall(untill I know its
running
> > well).  Please help? Oh yah, its FreeBSD 4.2.
>
> Is this a plain vanilla 4.2-RELEASE, or some kind of -stable?
> In any case, could you update to the most recent -stable (4.3-RC at
> the moment) and see if the problems persist?  There have been MANY
> fixes to the routing/bridging code in the last two months.

Yeah there was a kernel panic issue with RELEASE and some older STABLE I
believe.  I use bridge+ipfw, and have used it for quite some time (since
they fixed it).  cvsup to STABLE (or RC)  :)


>
> G'luck,
> Peter
>
> --
> I've heard that this sentence is a rumor.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message