From owner-freebsd-net@FreeBSD.ORG  Thu Dec 13 07:02:56 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A39AF16A41B
	for <freebsd-net@freebsd.org>; Thu, 13 Dec 2007 07:02:56 +0000 (UTC)
	(envelope-from randy@psg.com)
Received: from rip.psg.com (rip.psg.com [147.28.0.39])
	by mx1.freebsd.org (Postfix) with ESMTP id 915E713C44B
	for <freebsd-net@freebsd.org>; Thu, 13 Dec 2007 07:02:56 +0000 (UTC)
	(envelope-from randy@psg.com)
Received: from [202.214.86.183]
	by rip.psg.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.68 (FreeBSD)) (envelope-from <randy@psg.com>)
	id 1J2i5u-0005h4-Gn; Thu, 13 Dec 2007 07:02:54 +0000
Message-ID: <4760D90D.8080205@psg.com>
Date: Thu, 13 Dec 2007 16:02:37 +0900
From: Randy Bush <randy@psg.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Ian Smith <smithi@nimnet.asn.au>
References: <Pine.BSF.3.96.1071213164321.1009B-100000@gaia.nimnet.asn.au>
In-Reply-To: <Pine.BSF.3.96.1071213164321.1009B-100000@gaia.nimnet.asn.au>
X-Enigmail-Version: 0.95.5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: ifconfig: BRDGADD vr1: Invalid argument
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2007 07:02:56 -0000

sorry, neglected to include /etc/ipfw.rules

# egrep -v '^(#|$)' /etc/ipfw.rules
flush
add deny log all from any to any ipoptions ssrr,lsrr,rr
add pass tcp from me to 666.42.0.62 smtp
add deny log tcp from any to any smtp
add deny all from any to me auth
nat 42 config if vr0 log
add nat 42 ip4 from any to any via vr0
add 65530 pass all from any to any

> What do your net.link.bridge.pfil_{onlyip,member,bridge} sysctls wind up
> being, noting that your bridge iface is serving DHCP and:

same either way

# sysctl -w net.link.bridge.ipfw=0
net.link.bridge.ipfw: 1 -> 0
# sysctl -a | grep net.link.bridge.pfil
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_onlyip: 0

# sysctl -w net.link.bridge.ipfw=1
net.link.bridge.ipfw: 0 -> 1
# sysctl -a | grep net.link.bridge.pfil
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_onlyip: 0

randy