Date:      Mon, 03 Jun 2002 13:48:59 +0200
From:      Johan Björk <johan.bjork@qbrick.com>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Bridge and ARP problem
Message-ID:  <3CFB57AB.5090503@qbrick.com>
References:  <3CFA5F70.9020000@qbrick.com> <20020602114514.G20911@blossom.cjclark.org>

Hi,

OK, sorry if I didn't explain my problem better. Here we go:

One box: 4 NICs: xl0, xl1, xl2, dc0

xl0 and dc0 are the bridge. None of these interfaces have an IP-address.
xl0 is connected to the same switch as xl2. xl2 is my "outside"
interface for my LAN. On xl1 I have DHCPd; IPnat is sending the
traffic to xl2.

map xl2 10.105.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map xl2 10.105.1.0/24 -> 0.0.0.0/32 portmap auto
map xl2 10.105.1.0/24 -> 0.0.0.0/32

The bridge (xl0 and dc0) is working, but in log/messages I get the ARP
errors.

[Internet]
      |
      |
[ Switch ]---[xl0;No IP]-bridge-[dc0;No IP]---[DMZ Switch]
      |
      |
[xl2 Outside interface LAN; With IP: XX.XXX.XXX.XX]
      |
      |
[xl1 Inside interface LAN; With IP: 10.105.1.1]

Sysctl:
net.link.ether.bridge_cfg: xl0:0,dc0:0
net.link.ether.bridge: 1
net.link.ether.bridge_ipf: 1

My ipf.rules only allow tcp/udp in to the DMZ. No other protocol.

Best regards,
Johan Björk

Crist J. Clark wrote:
 > On Sun, Jun 02, 2002 at 08:09:52PM +0200, Johan Björk wrote:
 >
 >>Hi folks,
 >>
 >>I have a working firewall using BRIDGE and ipfilter (Patch from:
 >>http://people.freebsd.org/~cjc/).
 >>
 >>But when I installed two more NICs for our LAN I see some errors. I
 >>have a real IP-address on LAN outside interface, using ipnat for our
 >>traffic.
 >>I see:
 >>/kernel: arp: 00:01:02:8a:72:d8 is using my IP address XX.XXX.XXX.XX
 >>
 >>(XX = outside IP-address) The mac-address is the outside interface of
 >>the DMZ-bridge. Both outside interfaces are connected to the same switch.
 >>
 >>The network setup:
 >>
 >>[Internet]
 >>       |
 >>       |
 >>[ Switch ]----[Outside interface DMZ; No Ip-address assign]
 >>    |
 >>    |
 >>[ Outside interface LAN]
 >
 >
 > I don't understand this diagram. Where is the FreeBSD bridge in
 > question? Who has the IP address XX.XXX.XXX.XX? What IP addresses are
 > assigned to the bridge's interfaces?


