From owner-freebsd-questions@FreeBSD.ORG Mon Sep 1 15:49:44 2003
From: "Micheal Patterson" <micheal@cancercare.net>
To: "Aled Treharne", freebsd-questions@freebsd.org
Message-ID: <054601c370db$6198d2e0$0201a8c0@dredster>
References: <002001c370d6$2b77ce50$c32d20d4@aled>
Date: Mon, 1 Sep 2003 17:49:21 -0500
Subject: Re: no response on unnumbered bridged interface?
List-Id: User questions

----- Original Message -----
From: "Aled Treharne"
To: freebsd-questions@freebsd.org
Sent: Monday, September 01, 2003 5:12 PM
Subject: no response on unnumbered bridged interface?

> Hi guys.
>
> I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
> hardware isn't particularly new, but it's been quite happily trudging
> along for the past few years using 4.something. However, with 5.1, I've
> found weirdness and I wanted to check to see if this is expected
> behaviour or not.
>
> The machine has two 3C509's, ep0 (external) and ep1 (internal). ep0 is
> numbered and the following sysctl variables set:
>
> net.link.ether.bridge_cfg="ep0,ep1"
> net.link.ether.bridge_ipfw=1
> net.link.ether.bridge=1
>
> Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in
> the kernel), and I can ping back and forth without any problem. However,
> if I try and access the bridge from a machine connected to the switch on
> the inside interface, it doesn't respond. Tcpdump on the box shows ECHO
> request packets, I see arp traffic (and the inside machine has the
> correct mac address), but I see no echo responses. This is a problem,
> since I'd like to admin this box from inside my network. :) I also
> wouldn't mind the box seeing the internal network...
>
> I can't see anything wrong with what I've got, and there's nothing in
> the docs about this problem. I also experienced this problem with an
> Intel EtherExpress Pro I had in there as the internal interface, and
> both the ep1 card and the Intel NIC have worked in other boxes.
>
> Has anyone got any ideas on what's going on here? As far as I can tell,
> the config is identical to my previous installation...
>
> Cheers,
> Aled.

Is the system configured to forward packets? Assuming that 5.x has the
following variables available (I still run 4.8 here), try:

sysctl -a | grep forwarding

You should see "net.inet.ip.forwarding: 1". If it's 0, then your system
won't pass traffic between the interfaces.

--
Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600
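A small diagnostic that follows the check suggested in the reply above, as an added example that is not part of the thread. It parses captured `sysctl -a` output (the embedded sample is constructed; run it against the real output on the firewall) and reports the forwarding and bridge sysctls from the question, so the three settings can be confirmed in one pass instead of by eye. The `sysctl_value` and `check_bridge` helper names are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report net.inet.ip.forwarding and the
# net.link.ether.bridge* sysctls from captured `sysctl -a` output.

# Constructed sample standing in for `sysctl -a | grep -e forwarding -e bridge`
# on the 5.1 box in the question; the forwarding value is assumed, not observed.
SAMPLE='net.inet.ip.forwarding: 0
net.inet6.ip6.forwarding: 0
net.link.ether.bridge_cfg: ep0,ep1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge: 1'

# sysctl_value NAME TEXT: print the value of NAME from "name: value" lines
# in TEXT, or nothing if NAME is absent.
sysctl_value() {
    printf '%s\n' "$2" | awk -v key="$1" -F': ' '$1 == key { print $2; exit }'
}

# check_bridge TEXT: print one finding per line; return 0 when forwarding
# is on, the bridge is enabled and bridge_cfg names interfaces, else 1.
check_bridge() {
    text=$1
    rc=0
    fwd=$(sysctl_value net.inet.ip.forwarding "$text")
    br=$(sysctl_value net.link.ether.bridge "$text")
    cfg=$(sysctl_value net.link.ether.bridge_cfg "$text")

    if [ "$fwd" != "1" ]; then
        echo "net.inet.ip.forwarding is '${fwd:-unset}': traffic will not be passed between interfaces (sysctl net.inet.ip.forwarding=1, or gateway_enable=\"YES\" in rc.conf)"
        rc=1
    fi
    if [ "$br" != "1" ]; then
        echo "net.link.ether.bridge is '${br:-unset}': bridging is off"
        rc=1
    fi
    if [ -z "$cfg" ]; then
        echo "net.link.ether.bridge_cfg is unset: no interfaces are bridged"
        rc=1
    else
        echo "bridging interfaces: $cfg"
    fi
    return $rc
}

# Run against the constructed sample; on the firewall use:
#   check_bridge "$(sysctl -a)"
if check_bridge "$SAMPLE"; then
    echo "forwarding and bridge settings look right"
else
    echo "fix the settings listed above, then retest the ping from inside"
fi
```

The values are read from text rather than by calling `sysctl` directly so the script can be run on a workstation against output copied from the box; `net.inet6.ip6.forwarding` is included in the sample only to show that the parser matches whole names, not substrings.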