Date: Fri, 02 Dec 2005 17:19:20 -0500 From: David Pierron <david@wombatsweb.com> To: freebsd-pf@freebsd.org Subject: Re: FBSD6 if_bridge Message-ID: <4390C868.5010705@wombatsweb.com> In-Reply-To: <43909F53.4010905@freebsd.org> References: <43904815.4070805@wombatsweb.com> <43908AB1.7030107@freebsd.org> <43909B86.4050308@wombatsweb.com> <43909F53.4010905@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce A. Mah on 12/02/2005 2:24 PM wrote: >If memory serves me right, David Pierron wrote: > > >>Bruce A. Mah on 12/02/2005 12:56 PM wrote: >> >> >>>If memory serves me right, David Pierron wrote: >>> >>> >>>>fxp0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500 >>>> options=8<VLAN_MTU> >>>> ether xx:xx:xx:xx:xx:xx >>>> media: Ethernet autoselect (none) >>>> status: no carrier >>>>fxp1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500 >>>> options=8<VLAN_MTU> >>>> ether xx:xx:xx:xx:xx:xx >>>> media: Ethernet autoselect (none) >>>> status: no carrier >>>> >>>> >>>>It looks to me like you didn't turn up either the fxp0 or fxp1 >>>>interfaces. It's correct to leave these interfaces unnumbered (i.e. no >>>>IP addresses) but they do need to be up. Try adding these lines to >>>>/etc/rc.conf: >>>> >>>>ifconfig_fxp0="up" >>>>ifconfig_fxp1="up" >>>> >>>> >>They weren't connected at the time the ifconfig was run. That's the >>reason for the no carrier ... I'm sure it's something in the >>configuration ... >> >> > >No, that's not what I meant. Notice that the fxp0 and fxp1 interfaces >don't have the "UP" flags (whether or not they're physically plugged in >is irrelevant). I'm pretty sure you need to "ifconfig up" both >interfaces before the bridge can use them and as far as I can tell you >didn't do this. I don't claim to be an expert in this area, but I *do* >have a filtering bridge working using if_bridge and PF.... > Ah! I applied those settings to rc.conf and got the following results: fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp0 prefixlen 64 scopeid 0x1 ether xx:xx:xx:xx:xx:xx media: Ethernet autoselect (none) status: no carrier fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp1 prefixlen 64 scopeid 0x2 ether xx:xx:xx:xx:xx:xx media: Ethernet autoselect (none) status: no carrier fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp2 prefixlen 64 scopeid 0x3 inet my.c.class.xxx netmask 0xffffff00 broadcast 64.243.181.255 ether xx:xx:xx:xx:xx:xx media: Ethernet autoselect (100baseTX <full-duplex>) status: active plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500 pfsync0: flags=0<> mtu 2020 pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 inet 127.0.0.1 netmask 0xff000000 bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500 ether xx:xx:xx:xx:xx:xx priority 32768 hellotime 2 fwddelay 15 maxage 20 member: fxp1 flags=3<LEARNING,DISCOVER> member: fxp0 flags=3<LEARNING,DISCOVER> I can't wait until the wee hours to test this! They do seem to have IPV6 addresses ... Can I shut that off? Comment out IPV6 in the kernel? I don't need IPV6 ... I see my: pass in on $mgt_if proto tcp from any to $mgt_if port 80 keep state expands out to two rules, one for inet and another for inet6 ... or change the command to: pass in on $mgt_if inet proto tcp from any to $mgt_if port 80 keep state I shouldn't have to worry about IPV6 ... Anyway, I'll report on the ifconfig_inf(x)="up" and see if that is the ticket ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4390C868.5010705>