bridge with access on both interfaces

Bruce A. Mah bmah at FreeBSD.org
Thu Dec 25 12:52:25 PST 2003


If memory serves me right, Ian Smith wrote:

> In short, ifconfig appears unwilling to have two NICs covering the same
> /24.  Can this be set up?  I'm also at a bit of a loss with the routing,
> so inside packets to the bridge box (ie unbridged packets) are responded
> to on the same interface, and outside unbridged packets go only to/from
> the gw.  Some tcpdumps on both in and outside interfaces suggest an ARP
> response problem also, perhaps; no responses on the inside iface at all.

Hi Ian--

This may or may not be the source of your problem, but I've been
procrastinating on writing this up for a couple months and this was
the impetus that pushed me over the edge.

In 4-STABLE, there's a bug that prevents ARP from working correctly on
unnumbered bridge interfaces when bridging is enabled using the
bridge.ko module.  Basically, there are some checks in the ARP code
that decide when to accept inbound ARP packets.  These checks are a
little different when the inbound interface is part of a bridge group.
Some of these tests are conditional on the BRIDGE preprocessor symbol;
this symbol gets defined if "options BRIDGE" is compiled into the
kernel but not if you use the bridge.ko module.  As a result, ARP
packets on unnumbered interfaces get thrown away.

The workaround for this problem is just to compile BRIDGE into the
kernel.  Manuel Kasper and I spent a few cycles working on this trying
to make a m0n0wall box into a filtering bridge.

For more specifics, see src/sys/netinet/if_ether.c (grep for BRIDGE in
this file).

Merry Christmas!

Bruce.
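
Added example, not part of the original message and not FreeBSD source: a simplified C model of the failure mode Bruce describes, where a check guarded by a compile-time symbol is missing from a kernel built without "options BRIDGE" even though bridging is switched on at run time. Every name in it (struct iface, bridge_enabled, BRIDGE_TEST, arp_accept) and the 192.0.2.10 address are hypothetical, chosen for illustration.

```c
/* Simplified model of the failure described above; NOT FreeBSD source.
 * All names here are hypothetical. Build twice to compare:
 *   cc arp_model.c && ./a.out          (module case: BRIDGE undefined)
 *   cc -DBRIDGE arp_model.c && ./a.out (kernel built with "options BRIDGE")
 */
#include <stdio.h>
#include <stdint.h>

struct iface {
    const char *name;
    uint32_t addr;   /* 0 means unnumbered */
    int in_bridge;   /* member of the bridge group */
};

/* Runtime state: bridging is switched on in both builds. */
int bridge_enabled = 1;

/* Compile-time part: the relaxed check exists only if BRIDGE was defined
 * when this file was compiled. Loading a module later cannot add it. */
#ifdef BRIDGE
#define BRIDGE_TEST (bridge_enabled)
#else
#define BRIDGE_TEST (0)
#endif

/* Constructed sample: outside NIC numbered, inside NIC unnumbered. */
struct iface ifs[2] = {
    { "outside", 0xC000020A /* 192.0.2.10 */, 1 },
    { "inside",  0,                           1 },
};

/* Return 1 if an ARP request for `target` arriving on `rcv` is answered. */
int arp_accept(const struct iface *rcv, uint32_t target)
{
    for (int i = 0; i < 2; i++) {
        if (ifs[i].addr == 0 || ifs[i].addr != target)
            continue;                       /* not one of our addresses */
        if (&ifs[i] == rcv)
            return 1;                       /* address lives on receiving NIC */
        if (BRIDGE_TEST && rcv->in_bridge && ifs[i].in_bridge)
            return 1;                       /* bridged: any member may receive */
    }
    return 0;                               /* dropped */
}

int main(void)
{
    printf("ARP on outside: %d\n", arp_accept(&ifs[0], 0xC000020A));
    printf("ARP on inside:  %d\n", arp_accept(&ifs[1], 0xC000020A));
    return 0;
}
```

Built without -DBRIDGE, the request arriving on the unnumbered inside interface is dropped although bridge_enabled is 1; built with -DBRIDGE, it is accepted.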
