Date: Sun, 13 Oct 2002 20:17:11 -0400 (EDT)
From: Andriy Gapon <agapon@excite.com>
To: freebsd-ipfw@freebsd.org
Subject: ip broadcast bridging
Message-ID: <20021013194727.Q12422-100000@edge.foundation.invalid>
It looks like broadcast packets are not always bridged correctly.

I have a host that used to be a gateway between 3 LANs, then I changed it to do bridging between two of them (one interface kept its ip address, the other got none) and to be a gateway to the third one, and until recently I haven't bothered to change firewall rules on that bridge/gateway. I got a bit puzzled when I noticed that the firewall has matches for the rules applicable only to the bridged interface without an ip address. Of course I wouldn't be surprised if I hadn't

    net.link.ether.bridge_ipfw: 0

My understanding is that in this situation bridging should happen before the ipfw check and thus ipfw should not see any ip packets on the interface without an ip address.

After enabling logging for the rules in question it looks like only broadcast packets of the bridged subnet originating from the LAN connected to the ip-address-less interface get matched. Using tcpdump I see that there is nothing wrong with the packets, i.e. they have correct ip and ether source addresses and correct destination: broadcast ip address of the subnet and ff:ff:ff:ff:ff:ff ethernet address.

I have 4.7-RELEASE and ipfw2 on the bridge/gateway.

Sorry if this is not the most appropriate place to discuss this topic.

--
Andriy Gapon
*
"I do not know myself, and God forbid that I should." Johann Wolfgang von Goethe
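The log check described in the message, as an added example that is not part of the original post: it sorts ipfw log entries seen on the address-less bridged interface by destination, to confirm whether only broadcasts reach the rules. The interface names (fxp0, fxp1), the 192.168.1.0/24 subnet, the rule numbers and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual ipfw syslog layout. Assumed setup:
# fxp0 keeps the IP address, fxp1 is the bridged interface without one.
# The last line is a unicast hit that would contradict the report.
SAMPLE_LOG = """\
Oct 13 19:40:01 gw /kernel: ipfw: 1200 Count UDP 192.168.1.23:138 192.168.1.255:138 in via fxp1
Oct 13 19:40:03 gw /kernel: ipfw: 1200 Count UDP 192.168.1.23:137 192.168.1.255:137 in via fxp1
Oct 13 19:40:04 gw /kernel: ipfw: 1100 Count TCP 192.168.1.40:1045 192.168.1.1:22 in via fxp0
Oct 13 19:40:09 gw /kernel: ipfw: 1200 Count UDP 192.168.1.31:68 255.255.255.255:67 in via fxp1
Oct 13 19:40:12 gw /kernel: ipfw: 1200 Count ICMP:8.0 192.168.1.23 192.168.1.40 in via fxp1
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def classify(log_text, iface, subnet):
    """Count ipfw hits on `iface` by destination type; return non-broadcast lines too."""
    net = ipaddress.ip_network(subnet)
    limited = ipaddress.ip_address("255.255.255.255")
    counts, unexpected = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["iface"] != iface:
            continue  # not an ipfw entry, or logged on another interface
        dst = ipaddress.ip_address(m["dst"])
        if dst == net.broadcast_address:
            counts["subnet-broadcast"] += 1
        elif dst == limited:
            counts["limited-broadcast"] += 1
        else:
            counts["unicast-or-other"] += 1
            unexpected.append(line)
    return counts, unexpected

if __name__ == "__main__":
    counts, unexpected = classify(SAMPLE_LOG, "fxp1", "192.168.1.0/24")
    print(dict(counts))
    print("\n".join(unexpected))
```

An empty `unexpected` list on real logs would match the behaviour reported above, where only broadcasts from the bridged LAN hit the rules.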