From: Ian Smith
To: Maxim Konovalov
Cc: Bjorn Eikeland, net@freebsd.org
Date: Wed, 7 Jan 2004 23:23:12 +1100 (EST)
Subject: Re: 5.1r Bridge with one ip - no access from non-ip side - WORKS
In-Reply-To: <20040106110122.T65251@news1.macomnet.ru>
List-Id: Networking and TCP/IP with FreeBSD

On Tue, 6 Jan 2004, Maxim Konovalov wrote:

> On Tue, 6 Jan 2004, 06:33+0100, Bjorn Eikeland wrote:
>
> > On Tue, 6 Jan 2004 07:41:26 +0300 (MSK), Maxim Konovalov wrote:
> >
> > > Try sysctl net.inet.ip.check_interface=0.
> >
> > Well that did the trick!
> > Thank you very much!
>
> We really have to document that knob somewhere in bridge.4.

I thought this might affect my problem with a very similar setup that I
reported in some detail the other day, re the bridge not seeing (or not
taking notice of, at least) rwho UDP 113 packets to the subnet broadcast
address on the non-IP interface from hosts 'outside', but on checking,
that knob was already set to 0 by default (4.8-RELEASE + BRIDGE kernel).
Setting this to 1 did indeed kill connectivity (ping) on the unnumbered
interface. I wonder why your system would default to 1 on that knob?

In chasing this I've tried fiddling with several knobs, most recently
net.link.ether.inet.proxyall=1 (guesswork!), and have tried creating an
extra arp entry for the MAC address of the non-IP outside interface (pub
and pub only) but these always get stored with the MAC of the inside
interface, i.e. that with the IP assigned, despite specifying the other.

I'm not sure if our problem is to do with arp at all, or with processing
broadcast packets received on the non-IP interface, or what. I can live
with rwho/ruptime only half-working on this box (i.e. for 'inside' boxes),
but I do wonder whether protocols other than rwho using UDP broadcasts
(such as ..?) might have the same problem?

Anyway, the consequence is that the bridge box is the only one that won't
report on rwho/ruptime for the (single) box on the unnumbered (outside)
interface. Guess I could bring it up to -STABLE if anyone knows of bridge
changes?

Cheers, Ian