Date: Mon, 1 Sep 2003 17:49:21 -0500
From: "Micheal Patterson" <micheal@cancercare.net>
To: "Aled Treharne" <aled@thinknuts.org>, <freebsd-questions@freebsd.org>
Subject: Re: no response on unnumbered bridged interface?
Message-ID: <054601c370db$6198d2e0$0201a8c0@dredster>
References: <002001c370d6$2b77ce50$c32d20d4@aled>

----- Original Message -----
From: "Aled Treharne" <aled@thinknuts.org>
To: <freebsd-questions@freebsd.org>
Sent: Monday, September 01, 2003 5:12 PM
Subject: no response on unnumbered bridged interface?

> Hi guys.
>
> I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
> hardware isn't particularly new, but it's been quite happily trudging
> along for the past few years using 4.something. However, with 5.1, I've
> found weirdness and I wanted to check to see if this is expected
> behaviour or not.
>
> The machine has two 3C509's ep0 (external) and ep1 (internal). Ep0 is
> numbered and the following sysctl variables set:
>
> Net.link.ether.bridge_cfg="ep0,ep1"
> Net.link.ether.bridge_ipfw=1
> Net.link.ether.bridge=1
>
> Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in
> the kernel), and I can ping back and forth without any problem. However,
> if I try and access the bridge from a machine connected to the switch on
> the inside interface, it doesn't respond. Tcpdump on the box shows ECHO
> request packets, I see arp traffic (and the inside machine has the
> correct mac address), but I see no echo responses. This is a problem,
> since I'd like to admin this box from inside my network. :) I also
> wouldn't mind the box seeing the internal network...
>
> I can't see anything wrong with what I've got, and there's nothing in
> the docs about this problem. I also experienced this problem with an
> Intel EtherExpress Pro I had in there as the internal interface, and
> both the ep1 card and the Intel NIC have worked in other boxes.
>
> Has anyone got any ideas on what's going on here? As far as I can tell,
> the config is identical to my previous installation...
>
> Cheers,
> Aled.

Is the system configured to forward packets? Assuming that 5.x has the
following variables available (I still run 4.8 here), try:

    sysctl -a | grep forwarding

You should see "net.inet.ip.forwarding: 1".
If it's 0, then your system won't pass traffic between the interfaces.

--
Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600