To: freebsd-net@freebsd.org
From: Jason Van Patten
Subject: Bridge Interfaces and ARPs
Message-ID: <56606FFA.7090208@lateapex.net>
Date: Thu, 3 Dec 2015 11:38:18 -0500
List-Id: Networking and TCP/IP with FreeBSD

Unfortunately, my aggressive spam-fighting milter ate Hooman Fazaeli's
initial response to my question. I hope the subject line is recognized
as being part of the same thread, and gets filed accordingly. Anyway:

On 12/3/15 09:29 AM, Hooman Fazaeli wrote:
> Can you post the output of the following commands (on freebsd router):
>
> # ifconfig
> # ifconfig bridgeX addr
> # arp -na
> # netstat -nr -f inet
> # sysctl net.inet.ip

I'll be happy to, but I'm going to REDACT my public IPs for hopefully
obvious reasons:

# ifconfig
re0: flags=8943 metric 0 mtu 1500
        options=8209b
        ether 00:30:18:a3:b4:f8
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active
re1: flags=8843 metric 0 mtu 1500
        options=8209b
        ether 00:30:18:a3:b4:f9
        inet 192.168.10.254 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::230:18ff:fea3:b4f9%re1 prefixlen 64 scopeid 0x2
        inet6 [REDACTED] prefixlen 64
        nd6 options=21
        media: Ethernet autoselect (1000baseT )
        status: active
em0: flags=8943 metric 0 mtu 1500
        options=209b
        ether 00:1b:21:7d:8d:cd
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=600003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21
pflog0: flags=100 metric 0 mtu 33160
bridge0: flags=8843 metric 0 mtu 1500
        ether 02:fe:4a:c8:9c:00
        inet [REDACTED].222 netmask 0xffffff00 broadcast [REDACTED].255
        inet6 fe80::fe:4aff:fec8:9c00%bridge0 prefixlen 64 scopeid 0x5
        inet6 [REDACTED] prefixlen 64
        nd6 options=21
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: re0 flags=143
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        member: em0 flags=143
                ifmaxaddr 0 port 3 priority 128 path cost 20000
gif0: flags=8051 metric 0 mtu 1280
        tunnel inet [REDACTED].222 --> 216.66.22.2
        inet6 [REDACTED] --> 2001:470:7:9af::1 prefixlen 128
        inet6 fe80::230:18ff:fea3:b4f8%gif0 prefixlen 64 scopeid 0x6
        nd6 options=21

# ifconfig bridge0 inet
bridge0: flags=8843 metric 0 mtu 1500
        inet [REDACTED].222 netmask 0xffffff00 broadcast [REDACTED].255

# arp -an
? ([REDACTED].211) at 08:62:66:87:4c:c3 on bridge0 permanent [bridge]
? ([REDACTED].210) at 0c:c4:7a:31:e3:d8 on bridge0 permanent [bridge]
? ([REDACTED].212) at 0c:c4:7a:31:e3:d8 on bridge0 permanent [bridge]
? ([REDACTED].215) at 0c:c4:7a:31:e3:d8 on bridge0 permanent [bridge]
? ([REDACTED].217) at 0c:c4:7a:31:e3:d8 on bridge0 permanent [bridge]
? ([REDACTED].216) at 0c:c4:7a:31:e3:d8 on bridge0 permanent [bridge]
? ([REDACTED].219) at 0c:c4:7a:31:e3:d8 on bridge0 permanent [bridge]
? ([REDACTED].221) at 02:fe:4a:c8:9c:00 on bridge0 permanent [bridge]
? ([REDACTED].222) at 02:fe:4a:c8:9c:00 on bridge0 permanent [bridge]
? ([REDACTED].1) at 54:e0:32:be:cf:c1 on bridge0 expires in 1196 seconds [bridge]
? ([REDACTED].1) at 54:e0:32:be:cf:c1 on em0 expires in 1196 seconds [ethernet]
? (192.168.10.1) at 68:05:ca:3c:d9:2b on re1 expires in 1179 seconds [ethernet]
? (192.168.10.4) at 14:10:9f:d4:ad:15 on re1 expires in 1080 seconds [ethernet]
? (192.168.10.47) at 3c:15:c2:df:33:da on re1 expires in 1178 seconds [ethernet]
? (192.168.10.13) at 10:1c:0c:49:ea:27 on re1 expires in 1157 seconds [ethernet]
? (192.168.10.16) at ac:87:a3:00:90:97 on re1 expires in 1091 seconds [ethernet]
? (192.168.10.22) at 00:05:cd:41:8e:59 on re1 expires in 1126 seconds [ethernet]
? (192.168.10.250) at 64:d8:14:63:9e:f9 on re1 expires in 1168 seconds [ethernet]
? (192.168.10.251) at 64:d8:14:63:a4:e9 on re1 expires in 966 seconds [ethernet]
? (192.168.10.24) at 00:04:20:f1:5c:7d on re1 expires in 794 seconds [ethernet]
? (192.168.10.25) at 00:11:d9:64:e5:cd on re1 expires in 1186 seconds [ethernet]
? (192.168.10.254) at 00:30:18:a3:b4:f9 on re1 permanent [ethernet]
? (192.168.10.252) at 88:43:e1:ae:d2:9b on re1 expires in 1153 seconds [ethernet]
? (192.168.10.253) at 90:84:0d:d2:69:e1 on re1 expires in 1179 seconds [ethernet]
? ([REDACTED].210) at 0c:c4:7a:31:e3:d8 on re0 expires in 787 seconds [ethernet]

# netstat -nr -f inet
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            108.28.193.1       UGS      bridge0
[REDACTED].0/24    link#5             U        bridge0
[REDACTED].222     link#5             UHS          lo0
127.0.0.1          link#4             UH           lo0
192.168.10.0/24    link#2             U            re1
192.168.10.254     link#2             UHS          lo0

# sysctl net.inet.ip
net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.first: 10000
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 256
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.keepfaith: 0
net.inet.ip.gifttl: 30
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.enable: 1
net.inet.ip.fw.static_count: 359
net.inet.ip.fw.default_to_accept: 0
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.process_options: 1
net.inet.ip.maxfragpackets: 3922
net.inet.ip.maxfragsperpacket: 16
net.inet.ip.fragpackets: 0
net.inet.ip.check_interface: 0
net.inet.ip.random_id: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.mcast.loop: 1
net.inet.ip.mcast.maxsocksrc: 128
net.inet.ip.mcast.maxgrpsrc: 512
net.inet.ip.random_id_total: 0
net.inet.ip.random_id_collisions: 0
net.inet.ip.random_id_period: 8192
net.inet.ip.no_same_prefix: 0

-- 
Jason Van Patten