From owner-freebsd-stable Thu Jun 22 16:19: 8 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from privatecube.privatelabs.com (privatecube.privatelabs.com [198.143.31.30])
	by hub.freebsd.org (Postfix) with ESMTP id ECFE437B5EF
	for ; Thu, 22 Jun 2000 16:19:05 -0700 (PDT)
	(envelope-from mi@privatelabs.com)
Received: from misha.privatelabs.com (root@misha.privatelabs.com [198.143.31.6])
	by privatecube.privatelabs.com (8.9.3/8.9.2) with ESMTP id TAA06865;
	Thu, 22 Jun 2000 19:17:18 -0400
Received: from privatelabs.com (mi@localhost [127.0.0.1])
	by misha.privatelabs.com (8.9.3/8.9.3) with ESMTP id TAA08981;
	Thu, 22 Jun 2000 19:17:15 -0400 (EDT)
	(envelope-from mi@privatelabs.com)
From: mi@privatelabs.com
Message-Id: <200006222317.TAA08981@misha.privatelabs.com>
Date: Thu, 22 Jun 2000 19:17:12 -0400 (EDT)
Subject: ouch: setting net.link.ether.bridge_ipfw to 1 causes a panic
To: stable@freebsd.org
Cc: luigi@iet.unipi.it
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello!

We had the box acting as the bridging firewall sitting in between our DSL router and the rest of the network. The machine has three physical interfaces (dc-driver):

The first one, the dc0 does not even have an IP of its own -- it connects directly to the DSL router. dc2 connects to the local network (/27) and the dc1 is for the internal experimental network.

This setup ran fine since I put it together in April with 4.0-STABLE as of April 27.
Two days ago I decided to upgrade it to the latest -stable and now the new kernel panics right after putting up the login prompt :(

I narrowed this down -- the following commands were in my /etc/rc.local since the end of April and removing the commented-out one prevents the panics:

	sysctl -w net.link.ether.bridge_cfg=dc0:1,dc1:0,dc2:1
	sysctl -w net.link.ether.bridge=1
	#sysctl -w net.link.ether.bridge_ipfw=1
	sysctl -w net.link.ether.bridge_ipfw_drop=0
	sysctl -w net.link.ether.bridge_ipfw_collisions=0

Unfortunately, it also allows access to our internal hosts :(

I'm also noticing that even though I don't want the bridging of dc1, it is put into the promiscuous mode anyway. What's wrong?

Thanks,

	-mi