From: Julian Elischer
To: John Nielsen, Aqz
Cc: freebsd-net@freebsd.org
Subject: Re: Bridge interface and ARP traffic
Date: Mon, 30 May 2016 13:18:12 +0800
Message-ID: <4fe99aa3-61b9-d670-9715-60fd83d4512c@freebsd.org>
In-Reply-To: <9746AF3A-3440-4277-9D25-E78B04A35A6D@jnielsen.net>

On 27/05/2016 1:13 AM, John Nielsen wrote:
>> On May 20, 2016, at 12:30 AM, Aqz wrote:
>>
>> Hello,
>>
>> I have a very strange issue with passing ARP traffic through bridge
>> interface.
>> I'm using FreeBSD 10.3-REL VMWare virtual machine as bridge between two
>> networks using the same IP address space. Bridge interface doesn't have IP
>> address assigned so it acts more like a switch between those two virtual
>> networks - let's call them NET and PUB.
>> Gateway for our network is in NET vlan, all the virtual machines are in the
>> PUB vlan.
>>
>> Traffic passes through this bridge, but there are a few problems.
>>
>> I have to manually add static ARP table entries for gateway on all the
>> machines in PUB network - I can see ARP broadcasts from machines asking
>> where's the gateway, and the reply but only on one of bridged interfaces -
>> the one from NET side. The response is not visible on bridge interface, nor
>> the PUB vlan interface.
>>
>> Also, when I try to ping a machine that's in NET network from PUB network
>> all network traffic suddenly stops, even when I'm pinging some nonexistent
>> host. I have to use virtual console and ping for ex. DNS server, or any
>> internet host to make traffic start again.
>>
>> I'm not sure what I'm doing wrong - I've been using a similar configuration
>> before (with physical machines).
>>
>> Here's my ifconfig output http://aquaz.eu/bridgeifconfig.txt
> The first thing to check is the hypervisor. Do you have your VM configured
> to allow the NICs to use promiscuous mode? Is there any kind of IP/MAC
> matching or filtering going on?
>
> Next thing to check is firewall in the VM. Is IPFW or PF enabled? What is
> the output of "sysctl net.link.bridge" ?
>
> The ping problems are definitely weird, not sure what to think about that.

Try the netgraph bridge for a comparison. There is a sample implementation
in /usr/share/examples/netgraph, I think under virtual.lan.

> JN
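
Added example, not part of the thread: one way to read the "sysctl net.link.bridge" output asked for above, listing which if_bridge(4) packet-filter knobs are enabled and whether ARP frames are handed to ipfw. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Interpret `sysctl net.link.bridge` output ("name: value" lines on stdin).
# On a live FreeBSD bridge host, feed it with:  sysctl net.link.bridge | <function>

# Print every enabled knob that hands bridged frames to a packet filter.
bridge_filter_knobs() {
    awk -F': *' '
        $1 ~ /^net\.link\.bridge\.(pfil_member|pfil_bridge|pfil_local_phys|ipfw|ipfw_arp)$/ \
            && $2 + 0 != 0 { print $1 }'
}

# Exit 0 when ARP frames are passed to ipfw layer-2 rules, which needs both
# net.link.bridge.ipfw and net.link.bridge.ipfw_arp set. Otherwise ARP is
# forwarded by the bridge without being filtered, and exit status is 1.
arp_reaches_ipfw() {
    awk -F': *' '
        $1 == "net.link.bridge.ipfw"     { l2  = $2 + 0 }
        $1 == "net.link.bridge.ipfw_arp" { arp = $2 + 0 }
        END { exit !(l2 && arp) }'
}

# Constructed sample output (not taken from the poster's machine).
SAMPLE='net.link.bridge.ipfw: 0
net.link.bridge.allow_llz_overlap: 0
net.link.bridge.inherit_mac: 0
net.link.bridge.log_stp: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 1
net.link.bridge.ipfw_arp: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 1'

echo "Enabled filter hooks:"
printf '%s\n' "$SAMPLE" | bridge_filter_knobs

if printf '%s\n' "$SAMPLE" | arp_reaches_ipfw; then
    echo "ARP is passed to ipfw: check the layer-2 rules"
else
    echo "ARP is not filtered by the bridge: look at the hypervisor vSwitch settings"
fi
```

With pfil_member or pfil_bridge enabled, IP traffic crossing the bridge is subject to the PF/IPFW ruleset in the VM, which is what the firewall question in the quoted reply is probing.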