From: "Aled Treharne"
Delivered-To: freebsd-questions@freebsd.org
Date: Mon, 1 Sep 2003 23:12:44 +0100
Message-ID: <002001c370d6$2b77ce50$c32d20d4@aled>
Subject: no response on unnumbered bridged interface?

Hi guys.

I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The hardware isn't particularly new, but it's been quite happily trudging along for the past few years using 4.something. However, with 5.1, I've found weirdness and I wanted to check to see if this is expected behaviour or not.

The machine has two 3C509's: ep0 (external) and ep1 (internal).
ep0 is numbered and the following sysctl variables set:

  net.link.ether.bridge_cfg="ep0,ep1"
  net.link.ether.bridge_ipfw=1
  net.link.ether.bridge=1

Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in the kernel), and I can ping back and forth without any problem. However, if I try and access the bridge from a machine connected to the switch on the inside interface, it doesn't respond. Tcpdump on the box shows ECHO request packets, I see arp traffic (and the inside machine has the correct mac address), but I see no echo responses.

This is a problem, since I'd like to admin this box from inside my network. :) I also wouldn't mind the box seeing the internal network...

I can't see anything wrong with what I've got, and there's nothing in the docs about this problem. I also experienced this problem with an Intel EtherExpress Pro I had in there as the internal interface, and both the ep1 card and the Intel NIC have worked in other boxes.

Has anyone got any ideas on what's going on here? As far as I can tell, the config is identical to my previous installation...

Cheers,
Aled.
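The symptom above (echo requests seen on the inside interface, no echo replies leaving the box) is easy to eyeball on a handful of packets but tedious on a longer capture. As an added example that is not part of the original post, the script below pairs ICMP echo requests with replies from saved tcpdump text and lists the requests that were never answered; the tcpdump line format it parses is assumed (modern `tcpdump -n icmp` wording) and the sample capture is constructed.

```python
import re
from typing import Dict, List, Tuple

# Regex for ICMP echo lines as printed by a modern "tcpdump -n -i ep1 icmp"
# (line format is an assumption; 2003-era tcpdump wording differs slightly).
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echo_requests(lines: List[str]) -> Dict[str, object]:
    """Pair echo requests with replies keyed by (requester, target, id, seq).

    Returns counts plus the requests that never got a reply, which is the
    symptom in the post: requests arrive at the bridge, no replies leave."""
    requests: Dict[Tuple[str, str, int, int], str] = {}
    replies = set()
    for line in lines:
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # ARP, non-echo ICMP, or other noise in the capture
        key = (m["src"], m["dst"], int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests[key] = m["ts"]
        else:
            # normalise the reply to the requester -> target orientation
            replies.add((m["dst"], m["src"], key[2], key[3]))
    missing = [k for k in requests if k not in replies]
    return {"requests": len(requests), "replies": len(replies), "unanswered": missing}

# Constructed sample capture resembling the post's symptom: ARP resolves
# fine, three echo requests from an inside host reach the bridge, no replies.
SAMPLE_SILENT = [
    "23:10:01.000100 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 46",
    "23:10:01.000300 ARP, Reply 192.168.1.1 is-at 00:a0:24:aa:bb:cc, length 28",
    "23:10:01.000500 IP 192.168.1.10 > 192.168.1.1: ICMP echo request, id 4321, seq 1, length 64",
    "23:10:02.000500 IP 192.168.1.10 > 192.168.1.1: ICMP echo request, id 4321, seq 2, length 64",
    "23:10:03.000500 IP 192.168.1.10 > 192.168.1.1: ICMP echo request, id 4321, seq 3, length 64",
]

# The same exchange as it should look once the bridge answers (constructed).
SAMPLE_HEALTHY = SAMPLE_SILENT + [
    "23:10:01.000700 IP 192.168.1.1 > 192.168.1.10: ICMP echo reply, id 4321, seq 1, length 64",
    "23:10:02.000700 IP 192.168.1.1 > 192.168.1.10: ICMP echo reply, id 4321, seq 2, length 64",
    "23:10:03.000700 IP 192.168.1.1 > 192.168.1.10: ICMP echo reply, id 4321, seq 3, length 64",
]

if __name__ == "__main__":
    for name, cap in (("silent", SAMPLE_SILENT), ("healthy", SAMPLE_HEALTHY)):
        r = unanswered_echo_requests(cap)
        print(f"{name}: {r['requests']} requests, {r['replies']} replies, "
              f"{len(r['unanswered'])} unanswered")
```

Feed it `tcpdump -n -i ep1 icmp` output captured on the inside interface; a run that reports every request as unanswered confirms the bridge is receiving but not replying, rather than the replies going out the wrong interface.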