Date: Sat, 7 May 2005 13:16:01 +0100 (BST) From: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk> To: Josef Karthauser <joe@FreeBSD.org> Cc: net@FreeBSD.org Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4) Message-ID: <20050507131437.C72452@ury.york.ac.uk> In-Reply-To: <20050504171851.GB1863@genius.tao.org.uk> References: <20050502200413.GB46745@genius.tao.org.uk> <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> <20050504171851.GB1863@genius.tao.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 4 May 2005, Josef Karthauser wrote: > On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote: >> >> I believe I am seeing similar problems to you, though uptime for me is >> generally measurable in days rather than minutes. I've found that >> adding an explicit "allow all from any to any" and then removing it >> again seems to get it working. I will test your solution when mine >> fails again. > > It appears that the solution is obtained by adding the rule: > > allow ip from any to any layer2 mac-type arp > > to the beginning of the firewall list. IPFW2 drops non-IP traffic > whereas IPFW1 passes it though. This is the reason why my configuration > stopped working after the upgrade. Ah-ha! This also seems to have fixed it for me. There are a few bits of documentation which should probably be updated with this, I'll submit a patch in a day or two. Gavin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050507131437.C72452>