Date: Thu, 12 Feb 2004 13:09:46 -0500
From: "Cody Baker" <cody@wilkshire.net>
To: <isp@freebsd.org>
Subject: Re: 5.2 Bridging issue
Message-ID: <000a01c3f193$7f36a500$011aa8c0@MISCHIEVOUS>
References: <20040212144532.B3D3C43D2F@mx1.FreeBSD.org>
I am having this same issue, 5.2 RELEASE.

----- Original Message -----
From: "Tony Saign" <tony@saign.com>
To: "'Aaron D. Gifford'" <agifford@infowest.com>
Cc: <isp@freebsd.org>
Sent: Thursday, February 12, 2004 9:45 AM
Subject: RE: 5.2 Bridging issue

> I have a similar setup, and it works just fine.
>
> My config;
>
> fxp0 = internet
> fxp1 = LAN
> ath0 = WLAN bridged to fxp1
>
> fxp0 = 66.146.x.x
> fxp1 = 172.17.1.1
> ath0 = zip, no ip address assigned
> %ifconfig ath0
> ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         ether 00:0b:cd:59:00:33
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
>         status: associated
>         ssid BSDg 1:BSDg
>         channel 1 authmode OPEN powersavemode OFF powersavesleep 100
>         wepmode MIXED weptxkey 1
>         wepkey 1:104-bit
>
> My /etc/rc.conf
> defaultrouter="66.146.x.x"
> gateway_enable="YES"
> ifconfig_fxp0="inet 66.146.x.x netmask 255.255.255.0"
> ifconfig_fxp1="inet 172.17.1.1 netmask 255.255.255.0"
> ifconfig_ath0="inet up ssid BSDg mediaopt hostap"
> sysctl net.link.ether.bridge.enable=1
> sysctl net.link.ether.bridge.config="ath0 fxp1"
> sysctl net.link.ether.bridge.ipfw=1
>
> Kernel config includes DUMMYNET, and IPFW
> IPFW handles NAT on my box.
> I have a script in rc.d that runs to set band .a/b/g and WEP key
> My system is 5.2-CURRENT, and also acts as a DNS/DHCP server.
>
> -Tony
>
>
> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> On Behalf Of Aaron D. Gifford
> Sent: Thursday, February 12, 2004 2:57 AM
> To: "FreeBSD List"@FreeBSD.ORG
> Subject: 5.2 Bridging issue
>
> PROBLEM SUMMARY:
> ----------------
>
> I've got a bridge(4) issue on a BSD 5.2.1 box. The bridging box has three
> ethernet interfaces, two bridged together in a single cluster, and one
> connected to the internet. The box acts as a bridge for the two network
> segments, and as a router to the Internet (it's the default gateway). The
> problem is, only one of the bridged segments can communicate with the BSD
> box directly (and thus the Internet), even though the two segments can talk
> to each other just fine.
>
>
> NETWORK SET-UP:
> ---------------
>
> First, let me clue you in on my network set-up:
>
> FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:
>
>                [FreeBSD Box]
>                  |   |   |
>                rl0 rl1 em0
>                  |   |   |
>                  |   |   +---To-Internal-Network-Segment-#1...
>                  |   |
>                  |   +---To-Internal-Network-Segment-#2..
>                  |
>                  +---Internet...
>
> Interfaces rl1 and em0 are bridged:
>
>     net.link.ether.bridge.config=em0:1,rl1:1
>
> Since they ARE bridged and so are "on the same subnet", only em0 has
> an IP address:
>
>     ifconfig em0 inet 10.10.10.1/16
>
> I don't see how or why one would need or could assign an IP on the
> same subnet to the other interface, rl1, unless it was handled like
> many alias addresses, as a /32 host address.
>
> Interface rl0 is the link to the Internet.
>
> Bridging for the most part seems to be working. Hosts on segment #1
> (via em0) are visible to hosts on segment #2 (connected via rl1). They
> can ping each other, get ARP address resolution, and pass IP traffic.
>
> All hosts use 10.10.10.1 as their default gateway to the Internet.
>
> Hosts on segment #1 can reach the Internet just fine.
>
>
> PROBLEM DETAILS:
> ----------------
>
> Hosts on segment #2 cannot seem to be able to communicate with the
> bridging/routing FreeBSD box's own IP addresses, and since it is the
> default gateway, in turn they cannot reach the Internet. No layer 2
> traffic (ARP) reaches the FreeBSD box directly (the ARP table shows
> "incomplete" for all segment #2 addresses, even though ARP packets
> DO reach segment #1 just fine, passing transparently through the
> FreeBSD box. The BSD box just can't see stuff addressed directly to it.
>
> This is NOT a firewalling or NAT issue. This is exclusively a bridging
> issue. Firewalling/NAT occurs elsewhere.
>
> So since I'm a FreeBSD bridge(4) newbie, after scouring the man page,
> reading the Handbook's information, searching various mailing list archives,
> I can't find anything useful that tells me if bridge's bdg_forward() knows
> how to handle traffic like this. Apparently it doesn't.
>
> So bridging is just fine if you want your BSD box hidden, transparent,
> invisible. But if you want it visible so it can act as a default gateway
> to all segments of a subnet that are bridged together, HOW DOES ONE DO IT?
>
> I can't ifconfig the rl1 interface with an IP on the same subnet unless it's
> a /32, and that accomplishes nothing (the IP packets are addressed to the
> IP address assigned to em0). Bridging SHOULD just bridge, so traffic to
> the BSD box's em0 IP should come in on rl1 and be processed by the host.
>
> Somehow the bridging code knows the MAC addresses on the segment #2 side of
> things (rl1), since it passes traffic between the two segments just fine.
> But the kernel's ARP table is totally ignorant. It can't find those hosts.
>
>
> REQUEST FOR HELP:
> -----------------
>
> Thanks in advance for all help, pointers, etc. If there's not a way to do
> this, then this sounds like an issue that should be added to the BUGS
> section of the bridge(4) man page.
>
> Aaron out.
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>