Date:      Sun, 13 Oct 2002 20:17:11 -0400 (EDT)
From:      Andriy Gapon <agapon@excite.com>
To:        freebsd-ipfw@freebsd.org
Subject:   ip broadcast bridging
Message-ID:  <20021013194727.Q12422-100000@edge.foundation.invalid>


It looks like broadcast packets are not always bridged correctly. I have a
host that used to be a gateway between 3 LANs, then I changed it to do
bridging between two of them (one interface kept its ip address, the
other got none) and to be a gateway to the third one and until
recently I haven't bothered to change firewall rules on that
bridge/gateway. I got a bit puzzled when I noticed that firewall has
matches for the rules applicable only to the bridged interface without an
ip address. Of course I wouldn't be surprised if I hadn't
net.link.ether.bridge_ipfw: 0
My understanding is that in this situation bridging should happen before ipfw
check and thus ipfw should not see any ip packets on the interface without
ip address.
After enabling logging for the rules in question it looks like only
broadcast packets of the bridged subnet originating from LAN connected to
ip-address-less interface get matched.
Using tcpdump I see that there is nothing wrong with the packets i.e. they
have correct ip and ether source addresses and correct destination:
broadcast ip address of the subnet and ff:ff:ff:ff:ff:ff ethernet
address.

I have 4.7-RELEASE and ipfw2 on the bridge/gateway.
Sorry if this is not the most appropriate place to discuss this topic.

-- 
Andriy Gapon
*
"I do not know myself, and God forbid that I should."
Johann Wolfgang von Goethe

