From: Juan Rodriguez Hervella
Organization: UC3M
To: freebsd-net@freebsd.org
Cc: Etienne Robillard
Date: Mon, 10 May 2004 21:14:34 +0200
Subject: Re: bridging and promiscuous mode... works but can't get packets back

On Monday 10 May 2004 20:32, Etienne Robillard wrote:
> Hi
>
> I am quite new to this list :)
>
> Context:
> There's a bridge that does one logical net for two nics (vr0,rl0) on the
> same box (freebsd-4.10-prerelease).
>
> vr0 = outside net (isp connected with dhclient)
> rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable.
>
> The module in use is bridge.ko and ipfw is in use by the bridge.
> Moreover, there are two servers (dhcpd/dnscache) that do dhcp and
> name-resolution on 192.168.1.1 (rl0).
>
> Question: Why do promiscuous-mode enabled interfaces route packets
> outbound successfully but not inbound? That is, why can the private host
> look up addresses, but fail to receive back tcp packets from the
> internet?
>
> any ideas ?
>
> I would very much appreciate any kind of comments or hints concerning
> this scenario...
>
> Thanks
>

Hello Etienne,

I think that you don't have to do bridging; I think you need to do NAT.

As far as I know, if you bridge both interfaces, you are joining the networks at the link layer (L2), but the IP layer (L3) is what is used to route your packets on the Internet. So if your packets are sent with a private IP address as the source address (192.168.X.X), you won't get any response back (private addressing is not globally routable).

I've got dial-up access at home and I use "ppp" with the NAT option to deal with the same situation you are describing here, I think.

Hope this helps.

--
****** JFRH ******

User n.: A programmer who will believe anything you tell him.
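
The reasoning in the reply above, modelled as an added example that is not part of the original message: a bridge leaves the private source address in place so no reply can be routed back, while a NAT rewrites it and maps the reply through a state table. The inside host 192.168.1.10, the address 203.0.113.7 standing in for the one dhclient obtained on vr0, and the remote server 198.51.100.20 are constructed sample values.

```python
import ipaddress

# RFC 1918 private ranges: never routed across the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def globally_routable(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in RFC1918)

def server_reply(pkt):
    """Remote server answers to the packet's source address, if it can."""
    src, sport, dst, dport = pkt
    if not globally_routable(src):
        return None                      # reply has nowhere to go
    return (dst, dport, src, sport)

class Nat:
    """Minimal port-translating NAT with a state table (illustrative only)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}                  # public port -> (inside ip, inside port)
        self.next_port = 40000

    def outbound(self, pkt):
        src, sport, dst, dport = pkt
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (src, sport)
        return (self.public_ip, port, dst, dport)

    def inbound(self, pkt):
        src, sport, dst, dport = pkt
        if dst != self.public_ip or dport not in self.table:
            return None                  # no matching state: dropped
        return (src, sport) + self.table[dport]

def via_bridge(pkt):
    return server_reply(pkt)             # L2 bridge forwards the IP header unchanged

def via_nat(nat, pkt):
    reply = server_reply(nat.outbound(pkt))
    return nat.inbound(reply) if reply else None

# Constructed sample packet: (src ip, src port, dst ip, dst port).
PKT = ("192.168.1.10", 51000, "198.51.100.20", 80)

if __name__ == "__main__":
    print("bridged:", via_bridge(PKT))
    print("NATed:  ", via_nat(Nat("203.0.113.7"), PKT))
```

The same state table is why unsolicited inbound packets to the public address are dropped: without a matching outbound entry there is no inside host to deliver them to.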