Date:      Tue, 9 Jul 2019 01:22:07 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Michael Sierchio <kudzu@tenebras.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Dan Lists <lists.dan@gmail.com>
Subject:   Re: Bridge Not Forwarding ARP
Message-ID:  <e2b2da0a-77d4-2235-c5b5-1b677be2a37e@grosbein.net>
In-Reply-To: <CAHu1Y70R%2BBwiKTLoA0KqK2xJ5YpcM_O2ApNoackm_izEFP0DJA@mail.gmail.com>
References:  <CAPW8bZ2NaXB24p1mtH=A2f8ZukTPn7%2BPKXwUN2F0Osrn0exYNw@mail.gmail.com> <CAHu1Y72BjAgrM6=gFAJK6D9drAqda_oKz1V=cA4Ex18=fdFAQQ@mail.gmail.com> <CAPW8bZ3PE20dCaeddfBGA1FOobCa%2BHAxLVeHgvjKp9%2BB_TapkQ@mail.gmail.com> <9e33c592-bd64-277e-6c21-fdeba7e44a94@grosbein.net> <CAHu1Y70R%2BBwiKTLoA0KqK2xJ5YpcM_O2ApNoackm_izEFP0DJA@mail.gmail.com>

09.07.2019 0:43, Michael Sierchio wrote:

> On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein <eugen@grosbein.net> wrote:
> 
> 09.07.2019 0:19, Dan Lists wrote:
>>
>>> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio <kudzu@tenebras.com> wrote:
>>>
>>>> What's your firewall ruleset look like?  (show, don't tell)
>>> The firewall is off for testing (the machine is only on a private network).
>>>  # ipfw list
>>> 65535 allow ip from any to any
>>>> What does sysctl report on the interfaces and on arp?
>>> I have not changed any settings.
>>
>> Show output of ifconfig for the bridge and for its members, too.
>> I suppose some misconfiguration like IP address assigned to member
>> interfaces that is wrong.
>> All IP addresses need to be moved to the bridge interface itself.
>>
>>
> Does 'ip' in ipfw match arp packets?

We have net.link.bridge.ipfw_arp that defaults to 0 (false):

$ sysctl -d net.link.bridge.ipfw_arp
net.link.bridge.ipfw_arp: Filter ARP packets through IPFW layer2

If one changes it to 1 so ipfw would get bridged ARP frames,
then the answer to your question should depend on the value of net.link.ether.ipfw (0 by default),
as ARP packets have no IP header. So if you change so many sysctls, you will be able
to filter ARP frames with the "ip" keyword, as "ip" equals "all" in ipfw.




