From: "Thomas T. Veldhouse"
To: "Keith J"
Subject: Re: Bridge and IPFW woes ...
Date: Sat, 3 Feb 2001 23:19:27 -0600

> You are saying two things that make a big difference, you say Host A is
> providing DHCP address, and that the addresses are external network
> addresses. Just how are they assigned... DHCP, Static, or using a
> secondary (i.e. multiple IPs for the same interface)?

No, the outer interface is without an IP and the internal interface has an IP. All IPs on my network are public - via the bridge.

> If you are using the default gateway from the ISP then in essence you are
> asking the ISP router to know where your internal network is, which he
> doesn't. As I said, you need to point the B & C machines to A so A can
> route the packet to the internal network interface so B can talk to C and
> vice versa. If the traffic is going outside the internal network then he
> will route it to the ISP interface, provided you build the route I
> suggested earlier, and limited to the span of internal addresses you use.

The entire network works just fine. But when the second computer comes online, Host A seems to disappear from the outside (to Host A everything appears OK). The bridge continues to work correctly however and the filter rules with IPFW also work (all running on host A).

> The system must have a way of knowing what addresses to find on what
> interface for reliable communications, that is done by address and netmask.
> Otherwise just hang everything off a hub, because that is all bridging is
> doing in this case.

No, I need ipfw to filter the packets on the way through the bridge. The filtering works fine, but occasionally Host A will drop off the radar. Eventually it will reappear and work as normal (could be hours or days). Even though Host A appears to be gone, the bridge code running on Host A works fine and all packets are bridged and filtered.

I know this exact setup will also work with OpenBSD using BRIDGE and IPFILTER - except I don't know if they support setting an IP address for an interface that is part of the bridge (which is what I am doing here).

Incidentally, I have this same setup running on my brother's network and it works fine for him (as mine used to). Something changed between 12-31-2000 and 1-30-2001 that has caused this.

Tom Veldhouse
veldy@veldy.net