Bridge and NAT problems
Andrea Venturoli
ml.diespammer at netfence.it
Thu Feb 22 17:22:42 UTC 2007
Bruce A. Mah wrote:
> You didn't say which bridging driver or version of FreeBSD you're using,
> but it sounds to me like you're using bridge(4), right?
Yes.
> This is a
> fairly well known problem, which I wrote a little bit about here:
>
> http://lists.freebsd.org/pipermail/freebsd-net/2004-December/006075.html
>
> (This message describes a scenario with ipf, but it applies equally well
> I think to ipfw.)
Read that.
So I guess my analysis was wrong in that I thought natd was not
reconverting packets; from what you say I understand the problem is that
these packets are not diverted to natd, right?
The details are right now beyond my understanding...
> If you can, try switching to using if_bridge(4).
I cannot right now, since I have to wait to be physically at this box,
but I could try in the future. Do you see any drawback?
> You (probably) want to
> assign the public NAT address to the bridge0 interface, and leave the
> physical interfaces making up the bridges (xl0 and rl1 in your case)
> unnumbered. I've had good experiences with this type of configuration.
Ok.
So I would only need to:
- create the bridge0 interface as per man page
- sysctl net.link.bridge.ipfw=1
- sysctl net.link.bridge.pfil_onlyip=0
- change every reference to rl1 in my ipfw ruleset to bridge0
Anything else?
Would everything work the same as now (apart from this "feature" which
is causing me trouble)?
bye & Thanks a lot
av.
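The migration sketched in the message above (bridge0 numbered with the public NAT address, xl0 and rl1 unnumbered, the two sysctls, and the ipfw ruleset rewritten from rl1 to bridge0), worked through as an added example. This is not code from the thread or from FreeBSD itself; the address 192.0.2.10/24, the rule file path and the choice of rl1 as the interface natd was previously bound to are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: the if_bridge(4) move that the
# reply outlines. The public NAT address goes on bridge0, the members stay
# unnumbered, natd and the divert rule are bound to bridge0, and the old
# ruleset is rewritten mechanically and then checked.
# Assumed values (not from the thread): 192.0.2.10/24, /etc/ipfw.rules, and
# that rl1 was the interface natd used before.

# 1. /etc/rc.conf fragment: cloned bridge, members up but unnumbered,
#    address and natd on the bridge.
rc_conf_fragment() {
    cat <<'EOF'
cloned_interfaces="bridge0"
ifconfig_bridge0="inet 192.0.2.10/24 addm xl0 addm rl1 up"
ifconfig_xl0="up"
ifconfig_rl1="up"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="bridge0"
EOF
}

# 2. /etc/sysctl.conf fragment: the two knobs named in the reply.
sysctl_conf_fragment() {
    cat <<'EOF'
net.link.bridge.ipfw=1
net.link.bridge.pfil_onlyip=0
EOF
}

# 3. Rewrite the ruleset: replace every whole-word occurrence of one
#    interface name ($1) with another ($2), reading stdin, writing stdout.
#    awk is used so the word matching is the same on BSD and GNU tools;
#    note that awk re-joins fields with single spaces.
rewrite_ruleset() {
    awk -v old="$1" -v new="$2" '{
        for (i = 1; i <= NF; i++) if ($i == old) $i = new
        print
    }'
}

# 4. Check the result: succeed only if no rule on stdin still names a
#    member interface. Rules that matched xl0 are untouched by the rewrite
#    above (the message only mentions rl1), so this is where they surface
#    for review instead of silently no longer matching anything.
check_no_member_refs() {
    ! grep -qE '(^|[[:space:]])(xl0|rl1)([[:space:]]|$)'
}

# Usage on the box itself (needs root and the old ruleset, so not run here):
# rewrite_ruleset rl1 bridge0 < /etc/ipfw.rules.old > /etc/ipfw.rules
# check_no_member_refs < /etc/ipfw.rules || echo "member interfaces still referenced"
```

The rewrite only touches whole words, so an unrelated token such as rl1x is left alone; the check afterwards is deliberately broader than the rewrite, because a rule that still names xl0 or rl1 after the move is the kind of thing that makes a firewall quietly stop matching the traffic it used to.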