DSL router when what I need is a bridge; ARP problem?

Gary Aitken freebsd at dreamchaser.org
Thu May 29 10:19:40 PDT 2003

>If I've understood you correctly you want to join two separate physical
>network segments on the same subnet using the FreeBSD box. 
>Since the join is the FreeBSD box then getting that to bridge the two
>NICs should work (assigning an IP to one if needed.)
>Otherwise you'll need some more routes and to make things more complex, 
> a working example that I have in use (wanted to firewall a class c but
>was supplied with a managed router as .1 and didn't want to use bridging.)
>The router and firewall's router-side NIC have a .252 netmask (subnet of
>.1 and .2) the router (.1) has a static route of x.y.z.0/24 via .2 
>(firewall's external NIC) the firewall has .1 as 
>its default route. rest of class c has firewall's other NIC (.194 for 
>no good reason) as default route.
This is basically what I have set up.  Unfortunately, the router box in 
question, a Cisco 678 DSL modem, doesn't do its routing job correctly, 
and instead of forwarding packets via the (.2 in your case) firewall's 
external network interface, queries that network looking for a direct 
connection to the destination host.

According to the arp man page, arp should make it possible for the 
firewall to handle this request, but it isn't.  If the firewall would 
pass its own (.2 in your case) ethernet address as a proxy for the 
requested internal host, the router would send the packet to the 
firewall, which would then forward it appropriately.
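
The proxy ARP behaviour described in this message, as an added example that is not part of the original post and not FreeBSD's own implementation: a small simulation of the firewall deciding whether to answer an ARP request with its own Ethernet address. All MAC addresses, the 192.0.2.0/24 inside network and the /30 router link are constructed sample values.

```python
import ipaddress
import struct

# Constructed sample values (assumptions, not taken from the post).
FIREWALL_MAC = bytes.fromhex("020000000002")       # firewall's external NIC
LINK_NET = ipaddress.ip_network("192.0.2.0/30")    # router <-> firewall link
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")  # hosts behind the firewall

# ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2


def should_proxy(target_ip):
    """Proxy only for inside hosts that are not directly on the router link."""
    ip = ipaddress.ip_address(target_ip)
    return ip in INSIDE_NET and ip not in LINK_NET


def proxy_arp_reply(request):
    """Return the ARP reply payload the firewall would send, or None."""
    if len(request) != struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, request)
    # Only Ethernet/IPv4 ARP requests are handled.
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    if not should_proxy(tpa):
        return None
    # Answer with the firewall's MAC on behalf of the requested inside host,
    # so the router sends the packet to the firewall for forwarding.
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       FIREWALL_MAC, tpa, sha, spa)


def make_request(sender_mac, sender_ip, target_ip):
    """Build a constructed ARP request payload for the demo."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                       sender_mac, ipaddress.ip_address(sender_ip).packed,
                       bytes(6), ipaddress.ip_address(target_ip).packed)


if __name__ == "__main__":
    router_mac = bytes.fromhex("020000000001")
    req = make_request(router_mac, "192.0.2.1", "192.0.2.77")
    print(proxy_arp_reply(req).hex())
```

Restricting `should_proxy` to the inside range keeps the firewall from answering for addresses it does not actually front.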

