5.4-stable, 802.1q vlans, ipfw, and bridging??
virenp at mail.utexas.edu
Fri Jul 15 16:13:57 GMT 2005
Hello. I am trying to set up a bridging firewall between
multiple 802.1q vlans. Vlans 1 and 2 are public and vlans
3 and 4 are private. Vlans 1 and 3 are to be bridged, as
are vlans 2 and 4. Router/switches are Cisco. My setup is a
PC with an Intel Pro/1000 MT dual-port server adapter:
# /etc/rc.conf
network_interfaces="em0 em1 lo0"
# trunk ports: no address, promiscuous, hardware 802.1q tagging
ifconfig_em0="up promisc vlanhwtag"
ifconfig_em1="up promisc vlanhwtag"
cloned_interfaces="vlan1 vlan2 vlan3 vlan4"
# ifconfig_<if> holds only the arguments passed to "ifconfig <if> ..."
ifconfig_vlan1="vlan 1 vlandev em0 up"
ifconfig_vlan2="vlan 2 vlandev em0 up"
ifconfig_vlan3="vlan 3 vlandev em1 up"
ifconfig_vlan4="vlan 4 vlandev em1 up"
Vlans 1 and 2 are trunked to em0 and vlans 3 and 4 are
trunked to em1.
The firewall does not seem to be functioning correctly. A
PC on private vlan is not able to connect out. In the open
firewall configuration as above, I would expect all
traffic to be passed from private to public vlans and
Starting a steady ping on the private PC, then capturing
vlan traffic on the firewall via tcpdump shows arp
requests on the private vlan, and corresponding arp
requests on the public vlan, but no arp replies.
Sniffing the physical interfaces on the firewall shows the
Sniffing the public vlan via a third host, however, does not
show any arp traffic at all. So it seems the vlan bridging
is working on the firewall; however, the packets are not
being put out on the parent interface of the public vlan.
What am I doing wrong?
More information about the freebsd-net
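The post shows the vlan(4) side of the setup but not the bridge clusters or the ipfw hook that a 5.4-stable box needs for "bridging firewall" to mean anything. The fragment below is an added example, not the poster's configuration, of how the two clusters (vlan1+vlan3, vlan2+vlan4) would be declared with the old bridge(4) sysctls available on RELENG_5, with an open ipfw ruleset so that any blocked traffic can be attributed to bridging rather than filtering. The file paths /etc/ipfw.rules and the rule numbers are assumptions; the sysctl names are those of bridge(4) in 5.x.

```conf
# --- kernel requirements (assumed from bridge(4)/ipfw(4) on 5.x) ---
#   options BRIDGE        (or: kldload bridge)
#   options IPFIREWALL
#   options IPFIREWALL_DEFAULT_TO_ACCEPT   # only while testing

# --- /etc/rc.conf ---
network_interfaces="em0 em1 lo0"
ifconfig_em0="up promisc vlanhwtag"
ifconfig_em1="up promisc vlanhwtag"
cloned_interfaces="vlan1 vlan2 vlan3 vlan4"
ifconfig_vlan1="vlan 1 vlandev em0 up"     # public
ifconfig_vlan2="vlan 2 vlandev em0 up"     # public
ifconfig_vlan3="vlan 3 vlandev em1 up"     # private
ifconfig_vlan4="vlan 4 vlandev em1 up"     # private
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"             # assumed path, see below

# --- /etc/sysctl.conf ---
# cluster 1 bridges vlan1<->vlan3, cluster 2 bridges vlan2<->vlan4
net.link.ether.bridge.config=vlan1:1,vlan3:1,vlan2:2,vlan4:2
net.link.ether.bridge.ipfw=1      # hand bridged IP packets to ipfw
net.link.ether.bridge.enable=1    # set last, after config is in place

# --- /etc/ipfw.rules (read by rc.firewall; one ipfw command per line) ---
# Open ruleset for bring-up: bridged frames are matched with "layer2",
# routed/local traffic by the plain rule. Tighten once bridging works.
add 100 allow ip from any to any layer2
add 200 allow ip from any to any
```

Two checks worth running on the firewall once this is loaded: `sysctl net.link.ether.bridge` should echo the cluster string back unchanged (a typo in an interface name silently drops that member), and `tcpdump -e -ni em0 vlan 1 and arp` on the parent shows whether frames handed to vlan1 actually leave with an 802.1q tag, which is the boundary the post narrows the problem down to.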