Date: Sat, 15 Apr 2006 23:28:01 +0200
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: Andrew Thompson <thompsa@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: How to use if_bridge
Message-ID: <20060415232801.0dbbc8f4@localhost>
In-Reply-To: <20060415195147.GA54638@heff.fud.org.nz>
References: <200604142048.20189.doconnor@gsoft.com.au> <20060414140709.20c51ebc@localhost> <200604151053.25089.doconnor@gsoft.com.au> <20060415115352.1ef82bb1@localhost> <20060415195147.GA54638@heff.fud.org.nz>

Andrew Thompson <thompsa@freebsd.org> wrote:

> On Sat, Apr 15, 2006 at 11:53:52AM +0200, Fabian Keil wrote:
> > "Daniel O'Connor" <doconnor@gsoft.com.au> wrote:
> >
> > > On Friday 14 April 2006 21:37, Fabian Keil wrote:
> >
> > > > Depending on your firewall setup you might have to disable
> > > > some of the net.link.bridge sysctls as well.
> > >
> > > I don't have any firewalls in the kernel for simplicity at this stage.
> >
> > If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
> > then. From the if_bridge man page:
> >
> > |net.link.bridge.pfil_onlyip Set to 1 to only allow IP packets to
> > |                            pass when packet filtering is enabled (subject to
> > |                            firewall rules), set to 0 to unconditionally
> > |                            pass all non-IP Ethernet frames.
> >
> > It's enabled by default.
>
> It may not be entirely clear from the description but that sysctl only
> has effect when packet filtering is enabled, both for the on and off
> values.
>
> At present there are only pfil(9) hooks for IP and IPv6 filters, the
> knob controls what happens when filtering is enabled and the packet is
> not IP so won't be inspected, is it passed or dropped.
>
> I'll try and clarify the man page.

Thanks. I always interpreted the sentence as
"Set to 1 to allow IP packets to pass only if packet filtering is enabled".
I thought it should prevent the user from creating an unfiltered bridge
by accident.

Another thing regarding the man page:
The example section has the following sentence
"Such a configuration could be used to implement a simple
802.11-to-Ethernet bridge (assuming the 802.11 interface is
in ad-hoc mode)."

I don't get the meaning of the ad-hoc mode part. In my tests
if_bridge worked in hostap mode as well, but failed in
infrastructure mode.

Could you clarify if (or why not) bridging in infrastructure mode
should work?

Fabian
-- 
http://www.fabiankeil.de/