Date: Mon, 24 Apr 2023 13:38:29 +0100 From: rb@gid.co.uk To: Tomek CEDRO <tomek@cedro.info> Cc: FreeBSD Hackers <freebsd-hackers@FreeBSD.org> Subject: Re: Host address zero vs bridge, carp and nat Message-ID: <8B45B85E-06E3-4FF3-9168-13A6D85DE38D@gid.co.uk> In-Reply-To: <CAFYkXjnqM=iry%2B%2BodCfTTC9W=KQife0nNVx%2BS5K9VuvPy9Dbdg@mail.gmail.com> References: <BFC2AEDB-4245-4B01-BBC0-9582D5CAC63E@gid.co.uk> <CAFYkXjnqM=iry%2B%2BodCfTTC9W=KQife0nNVx%2BS5K9VuvPy9Dbdg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > On 24 Apr 2023, at 03:15, Tomek CEDRO <tomek@cedro.info> wrote: > > On Mon, Apr 24, 2023 at 12:00 AM Bob Bishop wrote: >> (..) >> doesn’t pass traffic through the bridge. The NAT is in-kernel via ipfw and there are firewall rules in play but they do not seem to be a factor. > > Have you tried sysctl ? > net.link.bridge.ipfw=0 > net.link.bridge.pfil_bridge=0 > net.link.bridge.pfil_member=0 Interesting. Setting net.link.bridge.pfil_member=0 seems to fix it with no other change. So looks like it’s a libalias/pfil thing with the zero host address. Need net.link.bridge.pfil_bridge=1 for ipfw to work at all. net.link.bridge.ipfw=0. > -- > CeDeROM, SQ7MHZ, http://www.tomek.cedro.info > -- Bob Bishop rb@gid.co.uk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8B45B85E-06E3-4FF3-9168-13A6D85DE38D>