From owner-freebsd-isp@FreeBSD.ORG Thu Feb 12 06:45:33 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E78216A4CE for ; Thu, 12 Feb 2004 06:45:33 -0800 (PST) Received: from p3.saignon.net (66-146-166-52.skyriver.net [66.146.166.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3D3C43D2F for ; Thu, 12 Feb 2004 06:45:32 -0800 (PST) (envelope-from tony@saign.com) Received: (qmail 39256 invoked by uid 1003); 12 Feb 2004 14:44:41 -0000 Received: from tony@saign.com by p3.saignon.net by uid 89 with qmail-scanner-1.20 Clear:RC:0(66.146.166.53):SA:0(0.0/5.0):. Processed in 2.683625 secs); 12 Feb 2004 14:44:41 -0000 X-Spam-Status: No, hits=0.0 required=5.0 Received: from unknown (HELO frankenmobl) (tony@saign.com@66.146.166.53) by 66-146-166-52.skyriver.net with SMTP; 12 Feb 2004 14:44:38 -0000 From: "Tony Saign" To: "'Aaron D. Gifford'" Date: Thu, 12 Feb 2004 06:45:26 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcPxbMdc2W4B+eS/R/u3tiuXfrF9TwACMBXQ X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <20040212105656.30C99620E@eq.net> X-Qmail-Scanner-Message-ID: <107659707865239244@p3.saignon.net> Message-Id: <20040212144532.B3D3C43D2F@mx1.FreeBSD.org> cc: isp@freebsd.org Subject: RE: 5.2 Bridging issue X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2004 14:45:33 -0000 I have a similar setup, and it works just fine. My config; fxp0 = internet fxp1 = LAN ath0 = WLAN bridged to fxp1 fxp0 = 66.146.x.x fxp1 = 172.17.1.1 ath0 = zip, no ip address assigned %ifconfig ath0 ath0: flags=8943 mtu 1500 ether 00:0b:cd:59:00:33 media: IEEE 802.11 Wireless Ethernet autoselect mode 11g status: associated ssid BSDg 1:BSDg channel 1 authmode OPEN powersavemode OFF powersavesleep 100 wepmode MIXED weptxkey 1 wepkey 1:104-bit My /etc/rc.conf defaultrouter="66.146.x.x" gateway_enable="YES" ifconfig_fxp0="inet 66.146.x.x netmask 255.255.255.0" ifconfig_fxp1="inet 172.17.1.1 netmask 255.255.255.0" ifconfig_ath0="inet up ssid BSDg mediaopt hostap" sysctl net.link.ether.bridge.enable=1 sysctl net.link.ether.bridge.config="ath0 fxp1" sysctl net.link.ether.bridge.ipfw=1 Kernel config includes DUMMYNET, and IPFW IPFW handles NAT on my box. I have a script in rc.d that runs to set band .a/b/g and WEP key My system is 5.2-CURRENT, and also acts as a DNS/DHCP server. -Tony -----Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Aaron D. Gifford Sent: Thursday, February 12, 2004 2:57 AM To: "FreeBSD List"@FreeBSD.ORG Subject: 5.2 Bridging issue PROBLEM SUMMARY: ---------------- I've got a bridge(4) issue on a BSD 5.2.1 box. The bridging box has three ethernet interfaces, two bridged together in a single cluster, and one connected to the internet. The box acts as a bridge for the two network segments, and as a router to the Internet (it's the default gateway). The problem is, only one of the bridged segments can communicate with the BSD box directly (and thus the Internet), even though the two segments can talk to each other just fine. NETWORK SET-UP: --------------- First, let me clue you in on my network set-up: FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1: [FreeBSD Box] | | | rl0 rl1 em0 | | | | | +---To-Internal-Network-Segment-#1... | | | +---To-Internal-Network-Segment-#2.. | +---Internet... Interfaces rl1 and em0 are bridged: net.link.ether.bridge.config=em0:1,rl1:1 Since they ARE bridged and so are "on the same subnet", only em0 has an IP address: ifconfig em0 inet 10.10.10.1/16 I don't see how or why one would need or could assign an IP on the same subnet to the other interface, rl1, unless it was handled like many alias addresses, as a /32 host address. Interface rl0 is the link to the Internet. Bridging for the most part seems to be working. Hosts on segment #1 (via em0) are visible to hosts on segment #2 (connected via rl1). They can ping each other, get ARP address resolution, and pass IP traffic. All hosts use 10.10.10.1 as their default gateway to the Internet. Hosts on segment #1 can reach the Internet just fine. PROBLEM DETAILS: ---------------- Hosts on segment #2 cannot seem to be able to communicate with the bridinging/routing FreeBSD box's own IP addresses, and since it is the default gateway, in turn they cannot reach the Internet. No layer 2 traffic (ARP) reaches the FreeBSD box directly (the ARP table shows "incomplete" for all segment #2 addresses, even though ARP packets DO reach segment #1 just fine, passing transparently through the FreeBSD box. The BSD box just can't see stuff addressed directly to it. This is NOT a firewalling or NAT issue. This is exclusively a bridging issue. Firewalling/NAT occurse elsewhere. So since I'm a FreeBSD bridge(4) newbie, after scouring the man page, reading the Handbook's information, searching various mailing list archives, I can't find anything useful that tells me if bridge's bdg_forward() knows how to handle traffic like this. Apparently it doesn't. So bridging is just fine if you want your BSD box hidden, transparent, invisible. But if you want it visible so it can act as a default gateway to all segments of a subnet that are bridged together, HOW DOES ONE DO IT? I can't ifconfig the rl1 interface with an IP on the same subnet unless it's a /32, and that accomplishes nothing (the IP packets are addressed to the IP address assigned to em0). Bridging SHOULD just bridge, so traffic to the BSD box's em0 IP should come in on rl1 and be processed by the host. Somehow the bridging code knows the MAC addresses on the segment #2 side of things (rl1), since it passes traffic between the two segments just fine. But the kernel's ARP table is totally ignorant. It can't find those hosts. REQUEST FOR HELP: ----------------- Thanks in advance for all help, pointers, etc. If there's not a way to do this, then this sounds like an issue that should be added to the BUGS section of the bridge(4) man page. Aaron out. _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"