5.2 Bridging issue

Bjorn Eikeland bjorn at eikeland.info
Thu Feb 12 06:32:21 PST 2004 

På Thu, 12 Feb 2004 03:56:56 -0700 (MST), skrev Aaron D. Gifford 
<agifford at infowest.com>:

> PROBLEM SUMMARY:
> ----------------
>
> I've got a bridge(4) issue on a BSD 5.2.1 box.  The bridging box has 
> three ethernet interfaces, two bridged together in a single cluster, and 
> one connected to the internet.  The box acts as a bridge for the two 
> network segments, and as a router to the Internet (it's the default 
> gateway).  The problem is, only one of the bridged segments can 
> communicate with the BSD box directly (and thus the Internet), even 
> though the two segments can talk to each other just fine.
>
>
> NETWORK SET-UP:
> ---------------
>
> First, let me clue you in on my network set-up:
>
> FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:
>
> [FreeBSD Box]
>   |   |   |
>  rl0 rl1 em0
>   |   |   |
>   |   |   +---To-Internal-Network-Segment-#1...
>   |   |
>   |   +---To-Internal-Network-Segment-#2..
>   |
>   +---Internet...
>
> Interfaces rl1 and em0 are bridged:
>
>   net.link.ether.bridge.config=em0:1,rl1:1
>
> Since they ARE bridged and so are "on the same subnet", only em0 has
> an IP address:
>
>   ifconfig em0 inet 10.10.10.1/16
>
> I don't see how or why one would need or could assign an IP on the
> same subnet to the other interface, rl1, unless it was handled like
> many alias addresses, as a /32 host address.
>
> Interface rl0 is the link to the Internet.
>
> Bridging for the most part seems to be working.  Hosts on segment #1
> (via em0) are visible to hosts on segment #2 (connected via rl1).  They
> can ping each other, get ARP address resolution, and pass IP traffic.
>
> All hosts use 10.10.10.1 as their default gateway to the Internet.
>
> Hosts on segment #1 can reach the Internet just fine.
>
>
> PROBLEM DETAILS:
> ----------------
>
> Hosts on segment #2 cannot seem to be able to communicate with the
> bridinging/routing FreeBSD box's own IP addresses, and since it is the
> default gateway, in turn they cannot reach the Internet.  No layer 2
> traffic (ARP) reaches the FreeBSD box directly (the ARP table shows
> "incomplete" for all segment #2 addresses, even though ARP packets
> DO reach segment #1 just fine, passing transparently through the
> FreeBSD box.  The BSD box just can't see stuff addressed directly to it.
>
> This is NOT a firewalling or NAT issue.  This is exclusively a bridging
> issue.  Firewalling/NAT occurse elsewhere.
>
> So since I'm a FreeBSD bridge(4) newbie, after scouring the man page,
> reading the Handbook's information, searching various mailing list 
> archives,
> I can't find anything useful that tells me if bridge's bdg_forward() 
> knows
> how to handle traffic like this.  Apparently it doesn't.
>
> So bridging is just fine if you want your BSD box hidden, transparent,
> invisible.  But if you want it visible so it can act as a default gateway
> to all segments of a subnet that are bridged together, HOW DOES ONE DO 
> IT?
>
> I can't ifconfig the rl1 interface with an IP on the same subnet unless 
> it's
> a /32, and that accomplishes nothing (the IP packets are addressed to the
> IP address assigned to em0).  Bridging SHOULD just bridge, so traffic to
> the BSD box's em0 IP should come in on rl1 and be processed by the host.
>
> Somehow the bridging code knows the MAC addresses on the segment #2 side 
> of
> things (rl1), since it passes traffic between the two segments just fine.
> But the kernel's ARP table is totally ignorant.  It can't find those 
> hosts.
>
>
> REQUEST FOR HELP:
> -----------------
>
> Thanks in advance for all help, pointers, etc.  If there's not a way to 
> do
> this, then this sounds like an issue that should be added to the BUGS 
> section
> of the bridge(4) man page.
>
> Aaron out.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at freebsd.org"
>

Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem i 
had with my
bridge a while back.

good luck!

Bjorn

More information about the freebsd-questions mailing list