Date: Mon, 10 May 2004 18:30:39 -0400 From: Etienne Robillard <erob@videotron.ca> To: Juan Rodriguez Hervella <jrh@it.uc3m.es>, freebsd-net@freebsd.org Subject: Re: bridging and promiscuous mode... works but can"t get packets back Message-ID: <40A0028F.2050409@videotron.ca> In-Reply-To: <200405102114.34437.jrh@it.uc3m.es> References: <409FCAA5.5000504@videotron.ca> <200405102114.34437.jrh@it.uc3m.es>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Juan Rodriguez Hervella wrote: | On Monday 10 May 2004 20:32, Etienne Robillard wrote: | |>Hi |> |>I am quite new to this list :) |> |>Context: |>There's a bridge that does one logical net for two nics (vr0,rl0) on the |>same box (freebsd-4.10-prerelease). |> |>vr0 = outsite net (isp connected with dhclient) |>rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable. |> |>The module in use is bridge.ko and ipfw is in use by the bridge. |>Moreover, there's two servers (dhcpd/dnscache) that do dhcp and |>name-resolution on 192.168.1.1 (rl0). |> |>Question: Why promiscuous-mode enabled interfaces routes packets |>outbound successfully but not inbound ?? That is, why the private host |>can lookup addresses, but fails to receive back tcp packets from the |>internet ? |> |>any ideas ? |> |>I would really much appreciate any kinds of comments or hints concerning |>this scenario... |> |>Thanks |> | | | Hello Etienne, | | I think that you dont have to make bridging, I think you need to make NAT. | | As far as I know, if you bridge both interfaces, you are joining the | networks at the link layer (L2), but the IP layer (L3) | is what it is used to route your packets in the internet. so | If your packets are sent with a private IP address as source address, | (192.168.X.X) you won't get any response back (private addressing is | not globally routable) | | I've got dial-up access at home and I use | "ppp" with the NAT option to deal with the | same situation your are describing here, I think. | | Hope this helps. | Solved :) Thanks, Juan, for pointing this out in the ether :) Apparently, natd seem's like working with promiscuous-kind-of nics... Still strange, however, that the internal interface needs to be in promisc-mode, so that packets from the dhcpd daemon goes in/out. Guess there's plenty of homeworks for me to do in ifconfig(8) :P erob -----BEGIN PGP SIGNATURE----- Comment: quork teht! iD8DBQFAoAKOfhO/J4JSDfYRAt/vAKCE/gSUJzYp3gyugs/6d0C9+OwbxACgmg1W lzGByZaHREflf/ggsgJFlRY= =HJIC -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40A0028F.2050409>