FBSD6 if_bridge

David Pierron david at wombatsweb.com
Sat Dec 3 11:44:53 GMT 2005 

Bruce A. Mah on 12/02/2005 8:02 PM wrote:

>If memory serves me right, David Pierron wrote:
>  
>
>>Ah!  I applied those settings to rc.conf and got the following results:
>>
>>fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>>	options=8<VLAN_MTU>
>>	inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp0 prefixlen 64 scopeid 0x1 
>>	ether xx:xx:xx:xx:xx:xx
>>	media: Ethernet autoselect (none)
>>	status: no carrier
>>fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>>	options=8<VLAN_MTU>
>>	inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp1 prefixlen 64 scopeid 0x2 
>>	ether xx:xx:xx:xx:xx:xx
>>	media: Ethernet autoselect (none)
>>	status: no carrier
>>    
>>
>
>OK, this looks better.  No guarantees but I'm pretty sure it would never
>have worked before.  Hopefully this will at least get you closer.
>
Bah!  Left my IP address in there, but heck ... Who can't look at email 
headers?

>> can't wait until the wee hours to test this!  They do seem to have 
>>IPV6 addresses ... Can I shut that off?  Comment out IPV6 in the 
>>kernel?  I don't need IPV6 ...
>>    
>>
>
>If you really want them gone, then you probably need to comment out IPv6
>from your kernel.
>  
>
Since I don't need it at all, I think good to remove from the kernel so 
nothing is an issue ... Saves me on the ruleset typing and it won't 
generate those rules needlessly ...  While composing I was compiling the 
new kernel ...  Commenting out IPV6 and removing "inet" from the rule 
did the trick ... It no longer produces 2 rules ...

>>Anyway, I'll report on the ifconfig_inf(x)="up" and see if that is the ticket ...
>>    
>>
>Looking forward to hearing the good news...
>
Excuse my French but, OMFG!  That was it!

I had seen that as part of the OBSD setup ... but I thought that was the 
way OBSD worked or something because these statements were not necessary 
for the IPFW BRIDGE setup I have in place now ...

I stuffed those CAT5 puppies into the NICs for about 5 minutes maybe ... 
Got 4100 lines of blocks from the two interfaces ... (They were all 
"block in" btw) ... Here I thought there wasn't that much traffic at 
this time of the AM ...  Now will compose a ruleset before I start using 
it again ...

Viewing with tcpdump -n -e -ttt -r /var/log/pflog ...  WAY more detailed 
than the IPFW BRIDGE ...  Just seeing the DNS queries to the name 
servers ... NEAT!  I even see how noisy the Windows machines are ... so 
many broadcasts ... I have a colo here, and I see he has DHCP running 
...  Why?  I will ask him later today ...

Thanks ever so much!  I popped your name in the HOW-TO I am creating @ 
http://test.davidpierron.com/fbsd-pf.php

More information about the freebsd-pf mailing list