From: Michael Sierchio
Date: Mon, 8 Jul 2019 09:53:22 -0700
Subject: Re: Bridge Not Forwarding ARP
To: "freebsd-net@freebsd.org"

What's your firewall ruleset look like? (show, don't tell)

What does sysctl report on the interfaces and on arp?

On Mon, Jul 8, 2019 at 9:15 AM Dan Lists wrote:

> I have a server running FreeBSD 11.2 that I am wanting to use as a bridged
> firewall. I have it set up and it mostly works. The problem is that ARP
> replies are not being forwarded from the outside interface to the inside
> interface. It appears to be working in the other direction. I see the
> ARP request go out on the outside interface and the reply arrives back at
> the outside interface. The ARP reply is never getting to the bridge or to
> the inside interface.
>
> The firewall server and the device behind it are in ESX. I think I've
> worked all the ESX issues out. When I manually add an ARP entry everything
> works. I've done this before with a physical server running FreeBSD 8.4
> and it works as expected. The differences are physical vs virtual, and
> 8.4 vs 11.2.
>
> I'm at a loss as to why it is not working. I've searched the web and
> found nothing. If anyone could offer suggestions on how to fix this or
> begin to debug it I would greatly appreciate it.
>
> Thanks,
>
> Dan

-- 
"Well," Brahmā said, "even after ten thousand explanations, a fool is
no wiser, but an intelligent person requires only two thousand five
hundred."

- The Mahābhārata