FBSD6 if_bridge

David Pierron david at wombatsweb.com
Fri Dec 2 22:19:25 GMT 2005 

Bruce A. Mah on 12/02/2005 2:24 PM wrote:

>If memory serves me right, David Pierron wrote:
>  
>
>>Bruce A. Mah on 12/02/2005 12:56 PM wrote:
>>    
>>
>>>If memory serves me right, David Pierron wrote:
>>>      
>>>
>>>>fxp0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>>>>	options=8<VLAN_MTU>
>>>>	ether xx:xx:xx:xx:xx:xx
>>>>	media: Ethernet autoselect (none)
>>>>	status: no carrier
>>>>fxp1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>>>>	options=8<VLAN_MTU>
>>>>	ether xx:xx:xx:xx:xx:xx
>>>>	media: Ethernet autoselect (none)
>>>>	status: no carrier
>>>>        
>>>>
>>>>It looks to me like you didn't turn up either the fxp0 or fxp1
>>>>interfaces.  It's correct to leave these interfaces unnumbered (i.e. no
>>>>IP addresses) but they do need to be up.  Try adding these lines to
>>>>/etc/rc.conf:
>>>>
>>>>ifconfig_fxp0="up"
>>>>ifconfig_fxp1="up"
>>>>        
>>>>
>>They weren't connected at the time the ifconfig was run.  That's the 
>>reason for the no carrier ...  I'm sure it's something in the 
>>configuration ...
>>    
>>
>
>No, that's not what I meant.  Notice that the fxp0 and fxp1 interfaces
>don't have the "UP" flags (whether or not they're physically plugged in
>is irrelevant).  I'm pretty sure you need to "ifconfig up" both
>interfaces before the bridge can use them and as far as I can tell you
>didn't do this.  I don't claim to be an expert in this area, but I *do*
>have a filtering bridge working using if_bridge and PF....
>
Ah!  I applied those settings to rc.conf and got the following results:

fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp0 prefixlen 64 scopeid 0x1 
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (none)
	status: no carrier
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp1 prefixlen 64 scopeid 0x2 
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (none)
	status: no carrier
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp2 prefixlen 64 scopeid 0x3 
	inet my.c.class.xxx netmask 0xffffff00 broadcast 64.243.181.255
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
pfsync0: flags=0<> mtu 2020
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 
	inet 127.0.0.1 netmask 0xff000000 
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
	ether xx:xx:xx:xx:xx:xx
	priority 32768 hellotime 2 fwddelay 15 maxage 20
	member: fxp1 flags=3<LEARNING,DISCOVER>
	member: fxp0 flags=3<LEARNING,DISCOVER>

I can't wait until the wee hours to test this!  They do seem to have 
IPV6 addresses ... Can I shut that off?  Comment out IPV6 in the 
kernel?  I don't need IPV6 ...

I see my:

pass  in  on $mgt_if proto tcp from any to $mgt_if port 80 keep state

expands out to two rules, one for inet and another for inet6 ...

or change the command to:

pass  in  on $mgt_if inet proto tcp from any to $mgt_if port 80 keep state

I shouldn't have to worry about IPV6 ...

Anyway, I'll report on the ifconfig_inf(x)="up" and see if that is the ticket ...

More information about the freebsd-pf mailing list