From owner-freebsd-net@FreeBSD.ORG Mon May 10 11:38:57 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C2F316A4CE for ; Mon, 10 May 2004 11:38:57 -0700 (PDT) Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id D910843D1F for ; Mon, 10 May 2004 11:38:56 -0700 (PDT) (envelope-from erob@videotron.ca) Received: from videotron.ca ([24.202.95.92]) by VL-MO-MR010.ip.videotron.ca (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HXI003CSJWZCC@VL-MO-MR010.ip.videotron.ca> for freebsd-net@freebsd.org; Mon, 10 May 2004 14:38:59 -0500 (EST) Date: Mon, 10 May 2004 14:40:40 -0400 From: Etienne Robillard In-reply-to: <409FCAA5.5000504@videotron.ca> To: freebsd-net@freebsd.org Message-id: <409FCCA8.9000306@videotron.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 0.5 (X11/20040406) X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime References: <409FCAA5.5000504@videotron.ca> Subject: Re: bridging and promiscuous mode... works but can"t get packets back X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 18:38:57 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Etienne Robillard wrote: | Hi | | I am quite new to this list :) | | Context: | There's a bridge that does one logical net for two nics (vr0,rl0) on the | same box (freebsd-4.10-prerelease). | | vr0 = outsite net (isp connected with dhclient) | rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable. | | The module in use is bridge.ko and ipfw is in use by the bridge. actually, ipfw is _not_ in use by the bridge... net.link.ether.bridge_ipfw: 0 and thus the firewall: |sudo ipfw show 00100 756 40656 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 4926 1068643 allow ip from any to any 65535 44 13776 deny ip from any to any Thanks, Etienne -----BEGIN PGP SIGNATURE----- Comment: quork teht! iD8DBQFAn8ynfhO/J4JSDfYRAik6AJ9fAeAMwnowrVEv3Dp5azMWYDsTKgCfdbcp lxTD9gRx0nCOQxTmvcPSyWY= =gRlh -----END PGP SIGNATURE-----