Date: Wed, 24 Dec 2003 18:44:22 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: freebsd-net@freebsd.org
Subject: Re: bridge with access on both interfaces
Message-ID: <Pine.NEB.3.96L.1031224184144.66152G-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.3.96.1031224025136.14168A-100000@gaia.nimnet.asn.au>
On Wed, 24 Dec 2003, Ian Smith wrote:

<snip>

> What I can't get to is setting up both NICs for the same /24, using
> either one or two separate addresses. I'd hoped to get away with one
> IP, which some of the docs (and bridge.c, skimmed) led me to believe
> that any local IPs of this host, on whatever of the bridged interfaces,
> should provide unbridged local stack access - however if we need to have
> 'inside' and 'outside' IPs separately on each bridge interface, fine.
>
> In short, ifconfig appears unwilling to have two NICs covering the same
> /24. Can this be set up? I'm also at a bit of a loss with the routing,
> so inside packets to the bridge box (ie unbridged packets) are responded
> to on the same interface, and outside unbridged packets go only to/from
> the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
> response problem also, perhaps; no responses on the inside iface at all.
>
> I'm unsure if that's too little initial detail or too much?

<snip>

If you want to use IP while bridging, you'll typically want to configure IP
on one of the interfaces making up the bridge, and then simply "ifconfig up"
the remaining interfaces without explicitly configuring IP on them. If you
get ARP warnings, you can silence them using a sysctl (I can't remember if
I got them last time I did this, however).

At one point I rewrote bits of our bridge code to create virtual bridge
interfaces, the idea being that you'd configure IP on the virtual interface
rather than on one of the member interfaces. However, I never got around to
merging those changes -- my real goal was to allow sniffing of packets
to/from the host on any component interface, and BPF only picked up packets
from/to a specific interface (or leaked bridge packets for unknown target
addresses). I'm sure at some point, someone will get to reimplementing our
bridge code to take this approach, however.
Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
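Added example, not part of the original thread or of FreeBSD's own scripts: a small sh script that lays out the configuration Robert describes, the host's IP on one member interface and the other member only brought up, using the FreeBSD 4.x-era bridge(4) sysctls. It also refuses the setup Ian was fighting with (a second address in the same /24 on the other member). Interface names, the addresses, and the exact sysctl spelling are assumptions for illustration; check bridge(4) on your release. With DRY_RUN=1 it prints the commands instead of executing them, so the plan can be reviewed before touching a live box.

```shell
#!/bin/sh
# Added example (not from the original message). Brings up a two-port
# bridge(4) with IP configured on ONE member interface only, as Robert
# describes. Names, addresses and sysctl spellings are assumptions.
# DRY_RUN=1 prints each command instead of running it.

INSIDE_IF=${INSIDE_IF:-fxp0}      # member that carries the host's IP
OUTSIDE_IF=${OUTSIDE_IF:-xl0}     # member that is only "ifconfig up"
HOST_IP=${HOST_IP:-192.0.2.10}    # constructed TEST-NET address
NETMASK=${NETMASK:-255.255.255.0}
DEFAULT_GW=${DEFAULT_GW:-192.0.2.1}
OUTSIDE_IP=${OUTSIDE_IP:-}        # optional second address; see below

# Run a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# True when two dotted-quad addresses fall in the same /24
# (string comparison of the first three octets; no system state is read).
same_subnet_on_both_members() {
    a=${1%.*}; b=${2%.*}
    [ "$a" = "$b" ]
}

# Emit (or execute) the configuration: one IP on one member, the other
# member up without an address, then enable the bridge between them.
bridge_up() {
    if [ -n "$OUTSIDE_IP" ] && same_subnet_on_both_members "$HOST_IP" "$OUTSIDE_IP"; then
        echo "refusing: $HOST_IP and $OUTSIDE_IP share a /24 on two members" >&2
        return 1
    fi
    run ifconfig "$INSIDE_IF" inet "$HOST_IP" netmask "$NETMASK"
    run ifconfig "$OUTSIDE_IF" up
    # 4.x-style bridge(4) knobs: member list with cluster ids, then enable.
    run sysctl net.link.ether.bridge_cfg="$INSIDE_IF:0,$OUTSIDE_IF:0"
    run sysctl net.link.ether.bridge=1
    run route add default "$DEFAULT_GW"
    # Robert mentions a sysctl that silences the ARP warnings; on 4.x-era
    # systems I believe (assumption) it is:
    #   sysctl net.link.ether.inet.log_arp_wrong_iface=0
}

# Usage: DRY_RUN=1 sh bridge.sh   (review the plan)
#        sh bridge.sh             (apply it, as root)
[ "${BRIDGE_NO_MAIN:-0}" = 1 ] || [ -z "${BRIDGE_RUN_MAIN:-}" ] || bridge_up
```

The script only calls bridge_up when BRIDGE_RUN_MAIN is set, so it can be sourced to inspect the functions; the refusal check is deliberately a pure string comparison so the plan can be validated on a machine that is not the bridge.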