no response on unnumbered bridged interface?

Micheal Patterson micheal at cancercare.net
Mon Sep 1 15:49:44 PDT 2003 

----- Original Message ----- 
From: "Aled Treharne" <aled at thinknuts.org>
To: <freebsd-questions at freebsd.org>
Sent: Monday, September 01, 2003 5:12 PM
Subject: no response on unnumbered bridged interface?


> Hi guys.
>
> I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
> hardware isn't particularly new, but it's been quite happily trudging
> along for the past few years using 4.something. However, with 5.1, I've
> found weirdness and I wanted to check to see if this is expected
> behaviour or not.
>
> The machine has two 3C509's ep0 (external) and ep1 (internal). Ep0 is
> numbered and the following sysctl variables set:
>
> Net.link.ether.bridge_cfg="ep0,ep1"
> Net.link.ether.bridge_ipfw=1
> Net.link.ether.bridge=1
>
> Now it bridges quite happily ( I have IPFIREWALL_DEFAULT_ACCEPT set in
> the kernel), and I can ping back and forth without any problem. However,
> if I try and access the bridge from a machine connected to the switch on
> the inside interface, it doesn't respond. Tcdump on the box shows ECHO
> request packets, I see arp traffic (and the inside machine has the
> correct mac address), but I see no echo responses. This is a problem,
> since I'd like to admin this box from inside my network. :) I also
> wouldn't mind the box seeing the internal network...
>
> I can't see anything wrong with what I've got, and there's nothing in
> the docs about this problem. I also experienced this problem with a
> Intel EtherExpress Pro I had in there as the internal interface, and
> both the ep1 card and the Intel NIC have worked in other boxes.
>
> Has anyone got any ideas on what's going on here? As far as I can tell,
> the config is identical to my previous installation...
>
> Cheers,
> Aled.

Is the system configured to forward packets? Assuming that 5.x has the
following variables available (I still run 4.8 here), try:

sysctl -a |grep forwarding

You should see "net.inet.ip.forwarding: 1". If it's 0, then your system
won't pass traffic between the the interfaces.


--

Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600

More information about the freebsd-questions mailing list