forwarding didn't work if wlan0 is member of a bridge
Olivier Cochard-Labbé
olivier at cochard.me
Wed Dec 23 10:32:20 UTC 2015
Hi,
If the wlan0 interface is a member of a bridge, FreeBSD doesn't manage to
forward packets back to the wireless client.
My setup is this one:
internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0] <--> wireless client
and the problem description:
- wireless clients don't receive any packets back: the fbsd-router blocks
answers because it thinks wireless clients are "unreachable".
- But wireless clients can reach all IPs of the fbsd-router itself without
problems, and the fbsd-router can ping them too.
- Ethernet clients connected to the same bridge0 don't have the problem.
A tcpdump on the outgoing interface shows the fbsd-router correctly
receiving/NATing/forwarding the wireless-client packet (10.239.142.104
natted to 192.168.100.70) toward the Internet-gateway (192.168.100.254),
but once it has received the response from the internet-gateway, it is not
able to reach the wireless-client (unreachable):
[fbsd-router]~> sudo tcpdump -pni net0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:35:24.869560 IP 192.168.100.70 > 192.168.100.254: ICMP echo request, id 1, seq 375, length 40
07:35:24.869772 IP 192.168.100.254 > 192.168.100.70: ICMP echo reply, id 1, seq 375, length 40
07:35:24.870314 IP 192.168.100.70 > 192.168.100.254: ICMP host 10.239.142.104 unreachable, length 36
But directly from the fbsd-router, there is no problem for reaching the
wireless-client:
[fbsd-router]~> ping wireless-client
PING 10.239.142.104 (10.239.142.104): 56 data bytes
64 bytes from 10.239.142.104: icmp_seq=0 ttl=128 time=2.633 ms
64 bytes from 10.239.142.104: icmp_seq=1 ttl=128 time=1.614 ms
I'm using a bridge because I need to use only one subnet for all my clients
(ethernet and wifi):
[fbsd-router]~> ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:82:9f:45:81:00
        inet 10.239.142.126 netmask 0xffffffe0 broadcast 10.239.142.127
        nd6 options=49<PERFORMNUD,IFDISABLED,NO_RADR>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 33333
        member: net1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55
And this "unreachable" problem is related to the bridge: if I remove
wlan0 from the bridge, there is no more problem.
What problem can cause FreeBSD to answer back "unreachable" when wlan0 is
a member of a bridge?
Head versions tested: r290522, r291362, r292613.
Thanks,