Message-ID: <4425BE7F.3030708@borgtech.ca>
Date: Sat, 25 Mar 2006 23:04:47 +0100
From: Andrew Seguin
To: freebsd-net@freebsd.org
In-Reply-To: <442304AD.1010709@borgtech.ca>
List-Id: Networking and TCP/IP with FreeBSD
Subject: Re: net.link.ether.bridge.config effeciency for more then 2 interfaces? [solved of sorts]

Andrew Seguin wrote:
> I'm trying to get a vlan based firewall working, but having a problem
> with ARP & DHCP not working well
> (dhcp could be maybe not working well because of ARP)
>
> The network is set up:
> IP: xyz.zyx.xzy.0/24
> [ISP router -> ISP Switch] -> firewall ->{vlans-tagged}->layer2
> switch->other switches
> (I don't have the authorization to put the firewall between the ISP
> router/switch unfortunately)

The problem kept nagging at my head... a solution finally came to me... the switch between the two routers is the problem.

So I needed an ARP solution... a bit of googling and I found proxy_arp for Linux and two clicks later found choparp.

A quick test... and it works!
Simply I run

    choparp fxp0 xyz.zyx.xzy.16/28 xyz.zyx.xzy.32/27 xyz.zyx.xzy.64/26 xyz.zyx.xzy.128/25

and voila... no more need for a bridge! :)

I still don't know why bridging two vlans to the main internet connection was rotten performance for ARP, but at least this way it works and it's more satisfying by not using bridge anymore.

Thanks to those on this list for having helped me several times before and for simply being there for others!

Andrew
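
The address ranges in the command above, worked through as an added example (not part of the original message and not choparp's code): a small model of the proxy ARP decision that also audits which addresses of the /24 get answered. The message masks its real network, so 192.0.2.0/24 is a constructed stand-in, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in: the post masks its real /24 as xyz.zyx.xzy.0/24,
# so the documentation range 192.0.2.0/24 is used here instead.
SEGMENT = ipaddress.ip_network("192.0.2.0/24")

# Same host offsets and prefix lengths as the ranges in the post's command.
PROXIED = [ipaddress.ip_network(f"192.0.2.{off}/{plen}")
           for off, plen in ((16, 28), (32, 27), (64, 26), (128, 25))]


def should_answer(target_ip, proxied=PROXIED):
    """Model of the proxy ARP decision: reply to a who-has only when the
    requested address falls inside one of the configured ranges."""
    addr = ipaddress.ip_address(target_ip)
    return any(addr in net for net in proxied)


def coverage(segment=SEGMENT, proxied=PROXIED):
    """Return (first, last, count, uncovered) for the proxied ranges.

    Overlapping or out-of-segment ranges raise ValueError, so a typo in
    the list is caught before the host starts answering ARP for it."""
    for i, net in enumerate(proxied):
        if not net.subnet_of(segment):
            raise ValueError(f"{net} is outside {segment}")
        if any(net.overlaps(other) for other in proxied[i + 1:]):
            raise ValueError(f"{net} overlaps another range")
    covered = {a for net in proxied for a in net}
    uncovered = [a for a in segment if a not in covered]
    return min(covered), max(covered), len(covered), uncovered


if __name__ == "__main__":
    first, last, count, uncovered = coverage()
    print(f"proxied: {first} - {last} ({count} addresses)")
    print(f"left alone: {uncovered[0]} - {uncovered[-1]}")
    # Constructed ARP who-has targets, as seen on the outside interface.
    for target in ("192.0.2.1", "192.0.2.15", "192.0.2.16", "192.0.2.200"):
        print(target, "reply" if should_answer(target) else "ignore")
```

The four prefixes are contiguous and together cover .16 through .255, leaving .0 through .15 unanswered by the proxy.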