From owner-freebsd-net@FreeBSD.ORG  Sat Apr 15 09:54:00 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 23B0916A404
	for <freebsd-net@freebsd.org>; Sat, 15 Apr 2006 09:54:00 +0000 (UTC)
	(envelope-from freebsd-listen@fabiankeil.de)
Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de
	[80.67.18.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3FF4F43D95
	for <freebsd-net@freebsd.org>; Sat, 15 Apr 2006 09:53:58 +0000 (GMT)
	(envelope-from freebsd-listen@fabiankeil.de)
Received: (qmail 8147 invoked from network); 15 Apr 2006 09:53:57 -0000
Received: from unknown (HELO localhost) ([pbs]775067@[217.50.135.227])
	(envelope-sender <freebsd-listen@fabiankeil.de>)
	by smtprelay03.ispgateway.de (qmail-ldap-1.03) with SMTP
	for <doconnor@gsoft.com.au>; 15 Apr 2006 09:53:57 -0000
Date: Sat, 15 Apr 2006 11:53:52 +0200
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: "Daniel O'Connor" <doconnor@gsoft.com.au>
Message-ID: <20060415115352.1ef82bb1@localhost>
In-Reply-To: <200604151053.25089.doconnor@gsoft.com.au>
References: <200604142048.20189.doconnor@gsoft.com.au>
	<20060414140709.20c51ebc@localhost>
	<200604151053.25089.doconnor@gsoft.com.au>
X-Mailer: Sylpheed-Claws 2.0.0 (GTK+ 2.8.6; i386-portbld-freebsd6.0)
X-PGP-KEY-URL: http://www.fabiankeil.de/gpg-keys/freebsd-listen-2006-08-19.asc
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="Sig_fPotYHSh/4uP.t3yYX94tMJ";
	protocol="application/pgp-signature"; micalg=PGP-SHA1
Cc: freebsd-net@freebsd.org
Subject: Re: How to use if_bridge
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Apr 2006 09:54:00 -0000

--Sig_fPotYHSh/4uP.t3yYX94tMJ
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

"Daniel O'Connor" <doconnor@gsoft.com.au> wrote:

> On Friday 14 April 2006 21:37, Fabian Keil wrote:

> > Depending on your firewall setup you might have to disable
> > some of the net.link.bridge sysctls as well.
>=20
> I don't have any firewalls in the kernel for simplicity at this stage.

If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
then. From the if_bridge man page:

|net.link.bridge.pfil_onlyip  Set to 1 to only allow IP packets to
|                             pass when packet filtering is enabled (subjec=
t to
|                             firewall rules), set to 0 to unconditionally
|                             pass all non-IP Ethernet frames.

It's enabled by default.

Fabian
--=20
http://www.fabiankeil.de/

--Sig_fPotYHSh/4uP.t3yYX94tMJ
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD4DBQFEQMKxjV8GA4rMKUQRAssCAKCS96aE3PgYKumaLOnWmEsmUXDgBgCWNVu8
aDYYYn9ssmWprsL4NW4yPw==
=CXLa
-----END PGP SIGNATURE-----

--Sig_fPotYHSh/4uP.t3yYX94tMJ--