5.2 Bridging issue

Cody Baker cody at wilkshire.net
Thu Feb 12 10:10:31 PST 2004 

I am having this same issue, 5.2 RELESE.

----- Original Message ----- 
From: "Tony Saign" <tony at saign.com>
To: "'Aaron D. Gifford'" <agifford at infowest.com>
Cc: <isp at freebsd.org>
Sent: Thursday, February 12, 2004 9:45 AM
Subject: RE: 5.2 Bridging issue


> I have a similar setup, and it works just fine.
>
> My config;
>
> fxp0 = internet
> fxp1 = LAN
> ath0 = WLAN bridged to fxp1
>
> fxp0 = 66.146.x.x
> fxp1 = 172.17.1.1
> ath0 = zip, no ip address assigned
> %ifconfig ath0
> ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         ether 00:0b:cd:59:00:33
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
>         status: associated
>         ssid BSDg 1:BSDg
>         channel 1 authmode OPEN powersavemode OFF powersavesleep 100
>         wepmode MIXED weptxkey 1
>         wepkey 1:104-bit
>
> My /etc/rc.conf
> defaultrouter="66.146.x.x"
> gateway_enable="YES"
> ifconfig_fxp0="inet 66.146.x.x  netmask 255.255.255.0"
> ifconfig_fxp1="inet 172.17.1.1  netmask 255.255.255.0"
> ifconfig_ath0="inet up ssid BSDg mediaopt hostap"
> sysctl net.link.ether.bridge.enable=1
> sysctl net.link.ether.bridge.config="ath0 fxp1"
> sysctl net.link.ether.bridge.ipfw=1
>
> Kernel config includes DUMMYNET, and IPFW
> IPFW handles NAT on my box.
> I have a script in rc.d that runs to set band .a/b/g and WEP key
> My system is 5.2-CURRENT, and also acts as a DNS/DHCP server.
>
> -Tony
>
>
> -----Original Message-----
> From: owner-freebsd-ipfw at freebsd.org
[mailto:owner-freebsd-ipfw at freebsd.org]
> On Behalf Of Aaron D. Gifford
> Sent: Thursday, February 12, 2004 2:57 AM
> To: "FreeBSD List"@FreeBSD.ORG
> Subject: 5.2 Bridging issue
>
> PROBLEM SUMMARY:
> ----------------
>
> I've got a bridge(4) issue on a BSD 5.2.1 box.  The bridging box has three
> ethernet interfaces, two bridged together in a single cluster, and one
> connected to the internet.  The box acts as a bridge for the two network
> segments, and as a router to the Internet (it's the default gateway).  The
> problem is, only one of the bridged segments can communicate with the BSD
> box directly (and thus the Internet), even though the two segments can
talk
> to each other just fine.
>
>
> NETWORK SET-UP:
> ---------------
>
> First, let me clue you in on my network set-up:
>
> FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:
>
> [FreeBSD Box]
>   |   |   |
>  rl0 rl1 em0
>   |   |   |
>   |   |   +---To-Internal-Network-Segment-#1...
>   |   |
>   |   +---To-Internal-Network-Segment-#2..
>   |
>   +---Internet...
>
> Interfaces rl1 and em0 are bridged:
>
>   net.link.ether.bridge.config=em0:1,rl1:1
>
> Since they ARE bridged and so are "on the same subnet", only em0 has
> an IP address:
>
>   ifconfig em0 inet 10.10.10.1/16
>
> I don't see how or why one would need or could assign an IP on the
> same subnet to the other interface, rl1, unless it was handled like
> many alias addresses, as a /32 host address.
>
> Interface rl0 is the link to the Internet.
>
> Bridging for the most part seems to be working.  Hosts on segment #1
> (via em0) are visible to hosts on segment #2 (connected via rl1).  They
> can ping each other, get ARP address resolution, and pass IP traffic.
>
> All hosts use 10.10.10.1 as their default gateway to the Internet.
>
> Hosts on segment #1 can reach the Internet just fine.
>
>
> PROBLEM DETAILS:
> ----------------
>
> Hosts on segment #2 cannot seem to be able to communicate with the
> bridinging/routing FreeBSD box's own IP addresses, and since it is the
> default gateway, in turn they cannot reach the Internet.  No layer 2
> traffic (ARP) reaches the FreeBSD box directly (the ARP table shows
> "incomplete" for all segment #2 addresses, even though ARP packets
> DO reach segment #1 just fine, passing transparently through the
> FreeBSD box.  The BSD box just can't see stuff addressed directly to it.
>
> This is NOT a firewalling or NAT issue.  This is exclusively a bridging
> issue.  Firewalling/NAT occurse elsewhere.
>
> So since I'm a FreeBSD bridge(4) newbie, after scouring the man page,
> reading the Handbook's information, searching various mailing list
archives,
> I can't find anything useful that tells me if bridge's bdg_forward() knows
> how to handle traffic like this.  Apparently it doesn't.
>
> So bridging is just fine if you want your BSD box hidden, transparent,
> invisible.  But if you want it visible so it can act as a default gateway
> to all segments of a subnet that are bridged together, HOW DOES ONE DO IT?
>
> I can't ifconfig the rl1 interface with an IP on the same subnet unless
it's
> a /32, and that accomplishes nothing (the IP packets are addressed to the
> IP address assigned to em0).  Bridging SHOULD just bridge, so traffic to
> the BSD box's em0 IP should come in on rl1 and be processed by the host.
>
> Somehow the bridging code knows the MAC addresses on the segment #2 side
of
> things (rl1), since it passes traffic between the two segments just fine.
> But the kernel's ARP table is totally ignorant.  It can't find those
hosts.
>
>
> REQUEST FOR HELP:
> -----------------
>
> Thanks in advance for all help, pointers, etc.  If there's not a way to do
> this, then this sounds like an issue that should be added to the BUGS
> section
> of the bridge(4) man page.
>
> Aaron out.
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>

More information about the freebsd-isp mailing list