From: "Jay L. T. Cornwall" <jay@jcornwall.me.uk>
To: freebsd-net@freebsd.org
Date: Sat, 10 May 2008 19:55:09 +0100
Subject: if_bridge with two subnets
Message-ID: <4825EF8D.1050304@jcornwall.me.uk>
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I have an if_bridge, thus:

bridge0: flags=8843 metric 0 mtu 1500
        inet XX.XX.XXX.20 netmask 0xfffffff8 broadcast XX.XX.XXX.23
        inet 192.168.1.30 netmask 0xffffff00 broadcast 192.168.1.255

On one side of the bridge is a layer 2 switch with clients of a mix of addresses from these two subnets. On the other side is a gateway XX.XX.XXX.22. All clients can communicate through the gateway correctly, with the 192.168.1.x subnet being NAT'd. However, clients from one subnet cannot communicate with clients from the other subnet.

Pinging a 192.168.1.X machine from the other subnet shows the packet incorrectly routed out through the gateway, not back through the interface it came from. The routing table shows that both subnets should be routed through the bridge:

XX.XX.XXX.XX/29    link#5    UC    0    0    bridge
192.168.1.0/24     link#5    UC    0    0    bridge

The bridge host itself can ping machines on both subnets. So why is the if_bridge routing packets destined for the private subnet out through the default route instead? (The specific hosts being pinged are present in the routing table from ARP lookups. They are all destined for the bridge interface.)

-- 
Jay L. T. Cornwall
http://www.jcornwall.me.uk/