Date: Wed, 24 Dec 2003 04:38:32 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: freebsd-net@freebsd.org Subject: bridge with access on both interfaces Message-ID: <Pine.BSF.3.96.1031224025136.14168A-100000@gaia.nimnet.asn.au>
next in thread | raw e-mail | index | archive | help
Hello net crew, We're new to bridges; please be gentle. 4.8-RELEASE box, 2 ed NICs, test rig with 10-base coax. Bridging itself is working nicely. Aim is for the box to bridge a 192.168.0.1 gateway (satellite down / ISDN back proxy server black box) to a /24 of about a dozen mostly winXP boxes, using IPFW to count and dis/enable bridged connections to gw. All that's well along, but the firewall is just open so far while struggling with inside/outside connectivity to/from the bridge box itself. Assigning an address (.7) to the outside interface (ed0) works fine for outside (gw side) access, but we also need this box accessible from the inside, for ssh/webmin/web/mysql and a samba domain controller / file server for the inside network. My coworker has that side well in hand. What I can't get to is setting up both NICs for the same /24, using either one or two separate addresses. I'd hoped to get away with one IP, which some of the docs (and bridge.c, skimmed) led me to believe that any local IPs of this host, on whatever of the bridged interfaces, should provide unbridged local stack access - however if we need to have 'inside' and 'outside' IPs separately on each bridge interface, fine. In short, ifconfig appears unwilling to have two NICs covering the same /24. Can this be set up? I'm also at a bit of a loss with the routing, so inside packets to the bridge box (ie unbridged packets) are responded to on the same interface, and outside unbridged packets go only to/from the gw. Some tcpdumps on both in and outside interfaces suggest an ARP response problem also, perhaps; no responses on the inside iface at all. I'm unsure if that's too little initial detail or too much? Clues, anyone? Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1031224025136.14168A-100000>