From: Drew Tomlinson
To: Nathan Kinkade
Cc: FreeBSD Questions
Subject: Re: ARP Question - Maybe?
Date: Sun, 28 Sep 2003 17:44:05 -0700

On Sat, 27 Sep 2003 16:55:35 +0000, Nathan Kinkade wrote:

> On Sat, Sep 27, 2003 at 03:31:16PM -0700, Drew Tomlinson wrote:
>> I'm trying to get a Linksys WET11 Wireless Ethernet Bridge working with a
>> D-Link 530 NIC that uses the rl driver. I have configured the bridge and
>> gotten it to work with a Windows XP box if I tell the bridge to use "MAC
>> address cloning". However I can not get it working on my 4.8 FBSD box.
>>
>> I'm not really sure but I suspect my problem might be with ARP?
>> The rl0 interface is configured as 192.168.100.2 and the bridge is
>> connected to this interface. The bridge is configured with an IP address
>> of 192.168.100.225 but as I understand it, this is only the address to use
>> when connecting to the web based configuration utility. I have a Linksys
>> access point with IP of 192.168.100.1.
>>
>> Anyway, after attempting connections to these three addresses, my arp
>> table looks like this:
>>
>> ? (192.168.100.1) at (incomplete) on rl0 [ethernet]
>> ? (192.168.100.2) at 00:05:5d:d0:ba:67 on rl0 permanent [ethernet]
>> ? (192.168.100.225) at (incomplete) on rl0 [ethernet]
>>
>> I can not get any response from any device beyond the rl0 interface. I
>> setup ipfw to log all traffic to that interface and can see the traffic
>> going out:
>>
>> Sep 27 15:18:04 blacksheep /kernel: ipfw: 50 Accept ICMP:8.0 192.168.100.2 192.168.100.1 out via rl0
>>
>> Sep 27 15:24:00 blacksheep /kernel: ipfw: 50 Accept ICMP:8.0 192.168.100.2 192.168.100.225 out via rl0
>>
>> Can anyone educate me on arp and if it's my problem, tell me what I might
>> need to add to my arp table to get things going?
>>
>> Thanks,
>>
>> Drew

Thank you for your response.

> I had this problem recently. Turns out that ipfw when used in
> conjunction with bridging (net.link.ether.bridge_ipfw=1) that your

I don't seem to have this. I'm running 4.8. Here's all of my net.link
sysctls:

net.link.generic.system.ifcount: 8
net.link.ether.inet.prune_intvl: 300
net.link.ether.inet.max_age: 1200
net.link.ether.inet.host_down_time: 20
net.link.ether.inet.maxtries: 5
net.link.ether.inet.useloopback: 1
net.link.ether.inet.proxyall: 0
net.link.ether.inet.log_arp_wrong_iface: 1
net.link.ether.ipfw: 0
net.link.gif.max_nesting: 1
net.link.gif.parallel_tunnels: 0

> default rule must be to allow all. You can mitigate this by making your
> last rule something like:
>
> deny { tcp or udp } from any to any

I am already set up like this.
> This should basically block pretty much any traffic that you are
> probably worried about. To test that this is the problem, disable the
> firewall temporarily, maybe with something like:
>
> # sysctl net.link.ether.bridge_ipfw=0
>
> then try your network. if it works, then re-enable ipfw by setting the
> above parameter back to 1. then take a look at your arp cache expiry
> with `arp -an' and make note as to whether the net breaks again as soon
> as the arp entry expires.
>
> you can set ipfw to use a default rule of accepting by adding this
> option to your kernel config:
>
> options IPFIREWALL_DEFAULT_TO_ACCEPT

As I understand it, I don't need to configure my FBSD box as a bridge.
Please let me know if I am incorrect. Basically, I want to use my
neighbor's connection as a backup link to the Internet. He has a Linksys
Wireless Access Point/Router in his home. Instead of installing a wireless
card in my FBSD box, I bought a Linksys Wireless Bridge so I could install
it by a window to get a better signal. The Linksys bridge connects via
ethernet cable to the D-Link NIC in my FBSD box. Here's a diagram of the
setup:

     Internet
        |
     Public IP
        |
 ADSL Modem/Router
   192.168.10.1
        |
       dc0
   192.168.10.2
        |
     FBSD 4.8 --------- rl0
        |          192.168.100.2
       dc1               |
   192.168.1.2    192.168.100.225
        |         Wireless Bridge
   Internal LAN          |
                   192.168.100.1
                   Neighbor's AP

I can get to the wireless bridge from my neighbor's network and I can get
to the rl0 from my internal LAN. The breakage is between the rl0 interface
and the linksys wireless bridge. Do you have any idea what I need to
configure to make things work?

Thanks again for your time!!!

Drew
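
Added example (not part of the original message or of any poster's code): a small sh/awk helper that correlates the two pieces of evidence quoted in this thread, the `arp -an' table and the ipfw log, and lists peers that ipfw logged as accepted outbound while their ARP entry is still "(incomplete)". The function name unresolved_peers and the "--LOG--" separator are assumptions made for this example; the sample input is the post's own output with the wrapped log lines rejoined.

```sh
#!/bin/sh
# Added example, not from the thread: list peers that ipfw logged as accepted
# outbound on an interface while their ARP entry there is still "(incomplete)".
# IPv4 only; unresolved_peers is a hypothetical helper name.

# Sample input copied from the post above (wrapped log lines rejoined).
ARP_SAMPLE='? (192.168.100.1) at (incomplete) on rl0 [ethernet]
? (192.168.100.2) at 00:05:5d:d0:ba:67 on rl0 permanent [ethernet]
? (192.168.100.225) at (incomplete) on rl0 [ethernet]'

LOG_SAMPLE='Sep 27 15:18:04 blacksheep /kernel: ipfw: 50 Accept ICMP:8.0 192.168.100.2 192.168.100.1 out via rl0
Sep 27 15:24:00 blacksheep /kernel: ipfw: 50 Accept ICMP:8.0 192.168.100.2 192.168.100.225 out via rl0'

# unresolved_peers IFACE ARP_TEXT LOG_TEXT
unresolved_peers() {
    {
        printf '%s\n' "$2"
        printf '%s\n' '--LOG--'
        printf '%s\n' "$3"
    } | awk -v ifc="$1" '
        $0 == "--LOG--" { inlog = 1; next }
        # arp -an line: ? (IP) at MAC|(incomplete) on IFACE ...
        !inlog && $5 == "on" && $6 == ifc {
            ip = $2; gsub(/[()]/, "", ip)
            if ($4 == "(incomplete)") pending[ip] = 1
            next
        }
        # ipfw log line: ... ipfw: RULE Accept PROTO SRC DST out via IFACE
        inlog && $6 == "ipfw:" && $8 == "Accept" && $(NF-2) == "out" && $NF == ifc {
            dst = $(NF-3); sub(/:.*/, "", dst)   # drop :port on TCP/UDP lines
            if ((dst in pending) && !(dst in seen)) { seen[dst] = 1; print dst }
        }'
}

# Stand-alone run on the sample data from the post.
unresolved_peers rl0 "$ARP_SAMPLE" "$LOG_SAMPLE"
```

On a live system the same function can be fed "$(arp -an)" and the ipfw lines from whichever file syslog writes kernel messages to.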