From: Dan Lists
Date: Mon, 8 Jul 2019 11:13:09 -0500
Subject: Bridge Not Forwarding ARP
To: freebsd-net@freebsd.org

I have a server running FreeBSD 11.2 that I am wanting to use as a bridged firewall. I have it set up and it mostly works. The problem is that ARP replies are not being forwarded from the outside interface to the inside interface. It appears to be working in the other direction.

I see the ARP request go out on the outside interface and the reply arrives back at the outside interface. The ARP reply is never getting to the bridge or to the inside interface. The firewall server and the device behind it are in ESX. I think I've worked all the ESX issues out. When I manually add an ARP entry everything works.

I've done this before with a physical server running FreeBSD 8.4 and it works as expected. The differences are physical vs virtual, and 8.4 vs 11.2.

I'm at a loss as to why it is not working. I've searched the web and found nothing. If anyone could offer suggestions on how to fix this or begin to debug it I would greatly appreciate it.

Thanks,
Dan