Date: Thu, 22 Feb 2007 18:22:30 +0100
From: Andrea Venturoli <ml.diespammer@netfence.it>
To: "Bruce A. Mah" <bmah@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: Bridge and NAT problems
Message-ID: <45DDD156.3020805@netfence.it>
In-Reply-To: <45DDC9CD.1020207@freebsd.org>
References: <45DDABA6.60407@netfence.it> <45DDC9CD.1020207@freebsd.org>
Bruce A. Mah wrote:
> You didn't say which bridging driver or version of FreeBSD you're using,
> but it sounds to me like you're using bridge(4), right?

Yes.

> This is a fairly well known problem, which I wrote a little bit about here:
>
> http://lists.freebsd.org/pipermail/freebsd-net/2004-December/006075.html
>
> (This message describes a scenario with ipf, but it applies equally well
> I think to ipfw.)

Read that.
So I guess my analysis was wrong in that I thought natd was not reconverting packets; from what you say I understand the problem is that these packets are not diverted to natd, right?
The details are right now beyond my understanding...

> If you can, try switching to using if_bridge(4).

I cannot right now, since I have to wait to be physically at this box, but I could try in the future.
Do you see any drawback?

> You (probably) want to assign the public NAT address to the bridge0 interface,
> and leave the physical interfaces making up the bridges (xl0 and rl1 in your
> case) unnumbered. I've had good experiences with this type of configuration.

Ok. So I would only need to:
 - create the bridge0 interface as per man page
 - sysctl net.link.bridge.ipfw=1
 - sysctl net.link.bridge.pfil_onlyip=0
 - change every reference to rl1 in my ipfw ruleset to bridge0
Anything else?
Would everything work the same as now (apart from this "feature" which is causing me troubles)?

bye & Thanks a lot
av.
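The if_bridge(4) layout Bruce describes and the four steps Andrea lists, written out as an added shell example that is not from the thread, from either poster, or from FreeBSD's own documentation. The interface names xl0, rl1 and bridge0 and the two sysctls come from the messages; the address 203.0.113.10/24, the LAN network 192.168.0.0/24, the natd flags used and the ipfw rule numbers are constructed placeholders. With DRYRUN=1 (the default) every command is printed instead of executed, so the plan can be reviewed on any host before it is applied on the FreeBSD box with DRYRUN=0.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD's own documentation.
# Lays out the if_bridge(4) configuration discussed above: the public NAT
# address lives on bridge0, the members xl0 and rl1 stay unnumbered, and
# the ipfw rules say "via bridge0" where they used to say "via rl1".
# Interface names and the two sysctls come from the thread; NAT_ADDR,
# NAT_MASK, LAN_NET and the rule numbers are constructed placeholders.
# With DRYRUN=1 (the default) every command is printed instead of
# executed, so the plan can be reviewed on any host before it is applied.

DRYRUN=${DRYRUN:-1}
BRIDGE=bridge0
MEMBERS="xl0 rl1"            # physical interfaces, kept without addresses
NAT_ADDR=203.0.113.10        # constructed: public address natd aliases to
NAT_MASK=255.255.255.0
LAN_NET=192.168.0.0/24       # constructed: private network behind the NAT
NATD_PORT=8668               # natd's default divert port

# Print the command under DRYRUN, otherwise execute it.
run() {
    if [ "$DRYRUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: create bridge0, enrol the members, and address only the bridge.
setup_bridge() {
    run ifconfig "$BRIDGE" create
    for m in $MEMBERS; do
        run ifconfig "$m" up                 # no "inet" on the members
        run ifconfig "$BRIDGE" addm "$m"
    done
    run ifconfig "$BRIDGE" inet "$NAT_ADDR" netmask "$NAT_MASK" up
    # The two sysctls named in the thread; see if_bridge(4).
    run sysctl net.link.bridge.ipfw=1
    run sysctl net.link.bridge.pfil_onlyip=0
}

# Step 2: natd aliases to the bridge address and listens on the divert port.
start_natd() {
    run natd -p "$NATD_PORT" -a "$NAT_ADDR"
}

# Step 3: a minimal ruleset with "via bridge0" where "via rl1" used to be.
# Merge these with the existing policy rather than replacing it wholesale.
load_rules() {
    run ipfw -f flush
    # Every packet crossing bridge0 is handed to natd before anything else,
    # so outbound packets are aliased and inbound replies are de-aliased
    # before the stateful rules below look at them.
    run ipfw add 100 divert "$NATD_PORT" ip from any to any via "$BRIDGE"
    run ipfw add 200 check-state
    run ipfw add 300 allow ip from "$LAN_NET" to any out via "$BRIDGE" keep-state
    run ipfw add 65000 deny log ip from any to any
}

setup_bridge
start_natd
load_rules
```

Running the script as-is prints the full plan; reading that output is the quickest way to confirm that no member interface ever receives an `inet` address and that no rule still mentions rl1, which is the whole point of moving the address and the ruleset onto bridge0.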