From owner-freebsd-net  Tue Aug 29 10:25:33 2000
Delivered-To: freebsd-net@freebsd.org
Received: from onion.ish.org (onion.ish.org [210.145.219.202])
	by hub.freebsd.org (Postfix) with ESMTP id 47A5737B422
	for <freebsd-net@freebsd.org>; Tue, 29 Aug 2000 10:25:28 -0700 (PDT)
Received: from localhost (ishizuka@localhost [127.0.0.1])
	by onion.ish.org (8.9.3/3.7Wpl2-2000/05/28) with ESMTP id CAA69603
	for <freebsd-net@freebsd.org>; Wed, 30 Aug 2000 02:25:26 +0900 (JST)
To: freebsd-net@freebsd.org
Subject: bridge on FreeBSD 4.1R
X-Mailer: Mew version 1.94.2 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint20: 276D 697A C2CB 1580 C683  8F18 DA98 1A4A 50D2 C4CB
X-PGP-Fingerprint16: C6 DE 46 24 D7 9F 22 EB  79 E2 90 AB 1B 9A 35 2E
X-PGP-Public-Key: http://www.ish.org/pgp-public-key.txt
X-URL: http://www.ish.org/
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20000830022526S.ishizuka@onion.ish.org>
Date: Wed, 30 Aug 2000 02:25:26 +0900
From: Masachika ISHIZUKA <ishizuka@ish.org>
X-Dispatcher: imput version 20000414(IM141)
Lines: 55
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

  I want to use bridge on 4.1-RELEASE with the following
kernel options and two fxp NICs.

  options IPFIREWALL
  options IPFIREWALL_VERBOSE
  options BRIDGE
  options DUMMYNET

I have two questions.

(1) options IPFIREWALL_DEFAULT_TO_ACCEPT is needed ?
  On 4.0R, I think the 'options IPFIREWALL_DEFAULT_TO_ACCEPT'
is needed to pass the non IP packets like ARP.  On 4.1R, with
the 'options IPFIREWALL_DEFAULT_TO_ACCEPT', the counter values
of 'ipfw -at list 65535' is not up even when passing ARP packets.
I think the line number of 681 in /sys/net/bridge.c is bypass
the ipfw for non IP packets.
  Is it right ?

(2) Arp invalid MAC address once a week or less ?
  I use bridge shown as follows.


    Backbone #1               Backbone #2
        ^                         ^
        |                         |
  +-----+-----+             +-----+-----+
  |cisco 7206 |             |cisco 7513 |
  +-----+-----+             +-----+-----+
        |                         |
  ------+------------+------------+------
                     |
                     |MAC: A1:A2:A3:A4:A5:A6
               +-----+-----+
               |  bridge   |
               |   (4.1R)  |
               +-----+-----+
                     |MAC: B1:B2:B3:B4:B5:B6
                     |
                     |MAC: C1:C2:C3:C4:C5:C6, IP: 10.1.1.1
               +-----+-----+
               | client PC |
               |   (4.1R)  |
               +-----------+


    Normally, the arp tables of cisco 7206 and cisco 7513 are
'10.1.1.1 C1C2.C3C4.C5C6'.  But once a week or less, The arp
tables of both cisco routers are '10.1.1.1 B1B2.B3B4.C5C6',
that is the first 4 bytes of MAC address in arp table is invalid.
Are there any one with the same problems ?

  Thank you for advice and sorry to my poor English.
-- 
ishizuka@ish.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message