From owner-freebsd-net@FreeBSD.ORG Mon May 10 15:28:51 2004
Date: Mon, 10 May 2004 18:30:39 -0400
From: Etienne Robillard <erob@videotron.ca>
To: Juan Rodriguez Hervella, freebsd-net@freebsd.org
Subject: Re: bridging and promiscuous mode... works but can't get packets back
In-reply-to: <200405102114.34437.jrh@it.uc3m.es>
References: <409FCAA5.5000504@videotron.ca> <200405102114.34437.jrh@it.uc3m.es>
Message-id: <40A0028F.2050409@videotron.ca>
List-Id: Networking and TCP/IP with FreeBSD

Juan Rodriguez Hervella wrote:
| On Monday 10 May 2004 20:32, Etienne Robillard wrote:
|
|> Hi
|>
|> I am quite new to this list :)
|>
|> Context:
|> There's a bridge that does one logical net for two nics (vr0, rl0) on the
|> same box (freebsd-4.10-prerelease).
|>
|> vr0 = outside net (ISP connected with dhclient)
|> rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable.
|>
|> The module in use is bridge.ko and ipfw is in use by the bridge.
|> Moreover, there are two servers (dhcpd/dnscache) that do DHCP and
|> name resolution on 192.168.1.1 (rl0).
|>
|> Question: Why do promiscuous-mode enabled interfaces route packets
|> outbound successfully but not inbound? That is, why can the private host
|> look up addresses, but fail to receive back TCP packets from the
|> internet?
|>
|> Any ideas?
|>
|> I would very much appreciate any kind of comments or hints concerning
|> this scenario...
|>
|> Thanks
|>
|
| Hello Etienne,
|
| I think that you don't have to do bridging, I think you need to do NAT.
|
| As far as I know, if you bridge both interfaces, you are joining the
| networks at the link layer (L2), but the IP layer (L3)
| is what is used to route your packets in the internet. So
| if your packets are sent with a private IP address as source address
| (192.168.X.X), you won't get any response back (private addressing is
| not globally routable).
|
| I've got dial-up access at home and I use
| "ppp" with the NAT option to deal with the
| same situation you are describing here, I think.
|
| Hope this helps.

Solved :)

Thanks, Juan, for pointing this out in the ether :)

Apparently, natd seems to be working with promiscuous-kind-of nics...

Still strange, however, that the internal interface needs to be in promisc
mode so that packets from the dhcpd daemon go in/out.

Guess there's plenty of homework for me to do in ifconfig(8) :P

erob
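Juan's L2-versus-L3 explanation above, as an added illustration (not code from this thread or from FreeBSD's natd): a toy stateful NAT in front of vr0 shows why a reply to a packet that left the bridge with a 192.168.1.x source address is undeliverable, while a translated flow maps the reply back to the private host. The public address 198.51.100.7, the server 203.0.113.5, the client 192.168.1.20 and the port range are constructed placeholders.

```python
# Added illustration of the L2-vs-L3 point made in the thread; not code from the
# thread or from FreeBSD's natd. All addresses but 192.168.1.x are placeholders.
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_ADDR = "198.51.100.7"   # placeholder for the address dhclient put on vr0
NAT_PORT_BASE = 40000          # placeholder port range for translated flows


def is_rfc1918(addr):
    """True for private addresses, which no upstream router will route back."""
    return any(ip_address(addr) in net for net in RFC1918)


class Natd:
    """Minimal stateful NAT: one table entry per outbound (ip, port) flow."""

    def __init__(self):
        self.table = {}                  # public port -> (private ip, private port)
        self.next_port = NAT_PORT_BASE

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving via vr0 to PUBLIC_ADDR."""
        for pub_port, flow in self.table.items():
            if flow == (src_ip, src_port):
                break
        else:
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.table[pub_port] = (src_ip, src_port)
        return (PUBLIC_ADDR, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the private host, or None if no flow matches."""
        if dst_ip != PUBLIC_ADDR or dst_port not in self.table:
            return None
        priv_ip, priv_port = self.table[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


def bridged_reply_reaches_client(client="192.168.1.20"):
    """Bridge only: the packet leaves with its private source address, so the
    server's reply is addressed to RFC 1918 space and is dropped upstream."""
    return not is_rfc1918(client)


def natted_reply_reaches_client(client="192.168.1.20", server="203.0.113.5"):
    """With natd on vr0 the reply targets PUBLIC_ADDR and is translated back."""
    nat = Natd()
    _, pub_port, _, _ = nat.outbound(client, 51515, server, 80)
    reply = nat.inbound(server, 80, PUBLIC_ADDR, pub_port)
    return not is_rfc1918(PUBLIC_ADDR) and reply is not None and reply[2] == client
```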