Date: Thu, 13 Dec 2007 17:47:43 +1100 (EST)
From: Ian Smith
To: Randy Bush
Cc: FreeBSD Net, "Bruce M. Simpson"
Subject: Re: ifconfig: BRDGADD vr1: Invalid argument
In-Reply-To: <4760ACC9.70305@psg.com>

On Thu, 13 Dec 2007, Randy Bush wrote:
 > ok, i have bridging working (kernel/userland version skew likely culprit, thanks max),
 > except that ath0 does not seem to completely bridge. bms may have warned me in saying
 >
 > > although you won't get the 802.11 frames bridged.

I'm wondering just what that means too ..

 > the problem:
 >   o hosts on vr1, vr2, and vr3 get dhcp addresses and can see the world
 >   o host on ath0 can not get dhcp address
 >     - soekris sees dhcp request and responds
 >     - response not seen by anyone on wireless
 >     - tcpdump says dhcpd is sending the response (see below)
 >
 > the plan:
 >
 >                  Soekris 5501
 >             .-----------------------.
 >             |                       |
 >             |              b ---ath0|
 >             |              r        |   LAN
 >    external |              i --- vr1|
 > ------------|vr0---NAT---- d        |   DHCP
 >     WAN     |              g --- vr2|
 >             |              e        |   Clients
 >             |              0 --- vr3|
 >             |                       |
 >             `-----------------------'
 >
 > vr0 gets address via DHCP from external link
 >
 > bridge0 is hard coded as 192.168.0.1/24
 >
 > dhcpd runs on bridge0 for the range 192.168.0.100-199 to feed the LAN.
 >
 > ---
 >
 > from /etc/rc.conf:
 >
 > firewall_enable=YES # Set to YES to enable firewall functionality
 > firewall_type="/etc/ipfw.rules" # Firewall type (see /etc/rc.firewall)
 > firewall_quiet=YES # Set to YES to suppress rule display
 > firewall_logging=YES # Set to YES to enable events logging
 >
 > ifconfig_vr0=DHCP
 > cloned_interfaces=bridge0
 > ifconfig_bridge0="192.168.0.1 addm vr1 addm vr2 addm vr3 up addm ath0"
 > ifconfig_vr1=up
 > ifconfig_vr2=up
 > ifconfig_vr3=up
 > ifconfig_ath0="channel 4 ssid rgnet-aden wep wepkey x mediaopt hostap up"
 >
 > gateway_enable=YES
 >
 > ---
 >
 > from /etc/sysctl.conf:
 >
 > # nat
 > net.inet.ip.fw.one_pass=0
 >
 > # bridging
 > #net.link.ether.ipfw=1 -- uncomment and connectivity on vr0 is lost

Do your ipfw rules handle ethernet packets, or maybe enabling this and
not filtering on them (ie allow) affects vr0 connectivity? (guessing,
while still largely ignorant of layer2 filtering despite 10 x ipfw(8))

 > net.link.bridge.ipfw=1
 > net.link.bridge.ipfw_arp=1
 >
 > # ath bridging
 > net.inet.ip.check_interface=0

Not asking entirely gratuitously as I'm also trying to sus out relations
between ipfw, if_bridge, dummynet pipes, maybe nat, planning to 7-ise a
4.8 box that has for years run on ipfw1 and ye olde bridge(4) between a
gateway and an unruly mob of assorted community groups - and struggling.

What do your net.link.bridge.pfil_{onlyip,member,bridge} sysctls wind up
being, noting that your bridge iface is serving DHCP and:

     net.link.bridge.ipfw    Set to 1 to enable layer2 filtering with
                             ipfirewall(4), set to 0 to disable it. This
                             needs to be enabled for dummynet(4) support.
                             When ipfw is enabled, pfil_bridge and
                             pfil_member will be disabled so that IPFW is
                             not run twice; these can be re-enabled if
                             desired.

cheers, Ian  (tailquoting julian-style for sent-mail reference :)

 > ---
 >
 > # ifconfig -a
 > vr0: flags=8843 metric 0 mtu 1500
 >         options=b
 >         ether 00:00:24:c8:b3:28
 >         inet 666.42.86.171 netmask 0xffffffc0 broadcast 666.42.86.191
 >         media: Ethernet autoselect (100baseTX )
 >         status: active
 > vr1: flags=8943 metric 0 mtu 1500
 >         options=9
 >         ether 00:00:24:c8:b3:29
 >         media: Ethernet autoselect (none)
 >         status: no carrier
 > vr2: flags=8943 metric 0 mtu 1500
 >         options=9
 >         ether 00:00:24:c8:b3:2a
 >         media: Ethernet autoselect (none)
 >         status: no carrier
 > vr3: flags=8943 metric 0 mtu 1500
 >         options=9
 >         ether 00:00:24:c8:b3:2b
 >         media: Ethernet autoselect (none)
 >         status: no carrier
 > ath0: flags=8943 metric 0 mtu 1500
 >         ether 00:0b:6b:83:59:25
 >         media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
 >         status: associated
 >         ssid rgnet-aden channel 4 (2427 Mhz 11g) bssid 00:0b:6b:83:59:25
 >         authmode OPEN privacy ON deftxkey UNDEF wepkey 1:104-bit txpower 31.5
 >         scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11g 7
 >         roam:rate11g 5 protmode CTS burst dtimperiod 1
 > lo0: flags=8049 metric 0 mtu 16384
 >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
 >         inet6 ::1 prefixlen 128
 >         inet 127.0.0.1 netmask 0xff000000
 > bridge0: flags=8843 metric 0 mtu 1500
 >         ether c6:75:12:20:d9:c2
 >         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
 >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
 >         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
 >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
 >         member: ath0 flags=143
 >                 ifmaxaddr 0 port 5 priority 128 path cost 370370
 >         member: vr3 flags=143
 >                 ifmaxaddr 0 port 4 priority 128 path cost 200000
 >         member: vr2 flags=143
 >                 ifmaxaddr 0 port 3 priority 128 path cost 55
 >         member: vr1 flags=143
 >                 ifmaxaddr 0 port 2 priority 128 path cost 55
 >
 > ---
 >
 > the tcpdump -i ath0
 >
 > 03:48:29.717236 00:18:de:21:76:c9 (oui Unknown) > Broadcast Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 6
 > 03:48:29.717244 00:18:de:21:76:c9 (oui Unknown) > Broadcast Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 6
 > 03:48:30.192604 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:30.192613 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:30.193467 IP 192.168.0.1.bootps > test.psg.com.bootpc: BOOTP/DHCP, Reply, length 300
 > 03:48:33.192787 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:33.192799 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:33.194067 IP 192.168.0.1.bootps > test.psg.com.bootpc: BOOTP/DHCP, Reply, length 300
 >
 > ---
 >
 > randy