From owner-freebsd-net@FreeBSD.ORG  Sat Feb 19 11:41:17 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 839BA106564A
	for <freebsd-net@freebsd.org>; Sat, 19 Feb 2011 11:41:17 +0000 (UTC)
	(envelope-from nvass@gmx.com)
Received: from mailout-eu.gmx.com (mailout-eu.gmx.com [213.165.64.42])
	by mx1.freebsd.org (Postfix) with SMTP id D21098FC1D
	for <freebsd-net@freebsd.org>; Sat, 19 Feb 2011 11:41:16 +0000 (UTC)
Received: (qmail invoked by alias); 19 Feb 2011 11:41:15 -0000
Received: from adsl-39.79.107.47.tellas.gr (EHLO [192.168.73.192])
	[79.107.47.39]
	by mail.gmx.com (mp-eu004) with SMTP; 19 Feb 2011 12:41:15 +0100
X-Authenticated: #46156728
X-Provags-ID: V01U2FsdGVkX1+qeiUaNtiqRidoumf1gkthxaar//FHmhpoa8duTF
	tXFahuZxyAolvk
Message-ID: <4D5FAC16.7080207@gmx.com>
Date: Sat, 19 Feb 2011 13:40:06 +0200
From: Nikos Vassiliadis <nvass@gmx.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: kevin <k@kevinkevin.com>
References: <000c01cbcf94$35e76e20$a1b64a60$@com>
In-Reply-To: <000c01cbcf94$35e76e20$a1b64a60$@com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: freebsd-net@freebsd.org
Subject: Re: Bridging + VLANS + RSTP / MSTP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 11:41:17 -0000

On 2/18/2011 7:49 PM, kevin wrote:
> My current testing has shown little promise -- both firewalls will go up,
> traffic will only go to the first firewall. If I reboot that first firewall,
> no traffic will flow to the second bridging firewall. Note that all IPs on
> my network (inside and out) are public IPs, there are no private ips on my
> network.

Could you send your ifconfig bridge output from both firewalls?
If STP is turned off on the four switch ports that the firewalls are
patched, one of the two firewalls must be root of the spanning tree.

Be sure that STP is *really* turned off on the switch, use tcpdump on the
physical ports for this.

Be sure that the FreeBSD's BPDUs are forwarded by the switch, so the one
bridging firewall can exchange BPDUs with the other.

HTH, Nikos