Hi,

I've set up a Linux box (SUSE v. 2.6.16.13-4-smp) in bridging mode. The br0 interface has two physical interfaces: eth0 and eth1.

The eth0 interface is connected to our LAN, and the eth1 interface is connected to a SONICWALL firewall. STP is turned off, since it's the only bridge connecting the two areas. The bridge is also filtering some traffic via iptables.

All is working fine, but when I use tcpdump on the eth1 interface, I see all the ARP requests of the LAN. In other words, all the ARP broadcasts (which will be resolved internally) are passing the bridge and reaching the firewall.

As a bridge, the Linux box should be aware of where every machine is located and logically separate the two segments, shouldn't it?

Also, the command "arp -a" shows only one address, whereas "brctl showmacs br0" shows all the addresses correctly. Is this normal behaviour?

Thank you for any advice,

Raffaele
 

Output of brctl showstp br0
---------------------------------------

br0
 bridge id                8000.001560a34be7
 designated root         8000.001560a34be7
 root port                  0                    path cost                  0
 max age                   20.00                 bridge max age              50.00
 hello time                 2.00                 bridge hello time           5.00
 forward delay             37.50                 bridge forward delay       15.00
 ageing time              300.01
 hello timer               1.39                  tcn timer                  0.00
 topology change timer      0.00                 gc timer                    0.05
 flags

eth0  (1)
 port id                 8001                    state                 forwarding
 designated root         8000.001560a34be7       path cost                  19
 designated bridge       8000.001560a34be7        message age timer           0.00
 designated port         8001                    forward delay timer         0.00
 designated cost            0                    hold timer                  0.39
 flags

eth1  (2)
 port id                 8002                    state                 forwarding
 designated root         8000.001560a34be7       path cost                 100
 designated bridge       8000.001560a34be7        message age timer           0.00
 designated port         8002                    forward delay timer         0.00
 designated cost            0                    hold timer                   0.39
 flags
 
Output of brctl showmacs br0
------------------------------------------
1     00:04:23:0a:a6:13        no                86.16
  1     00:04:75:4c:d7:03        no                 5.06
  1     00:04:75:87:bd:a9        no               138.51
  1     00:04:76:a3:c9:b8        no               100.12
  2     00:06:b1:11:8d:a4        no                 0.07
  1     00:0f:20:3b:8e:4e        no                41.11
  1      00:0f:20:3b:fe:57       no                60.78
  1     00:14:69:b4:49:84        no                 0.14
  1     00:15:60:a3:4b:e7        yes                0.00
  1     00:30:c1:5f:24:56        no                28.16
  1     00:30:c1:8c:e7:61        no                39.05
  2     00:c0:f0:56:51:c6        yes                0.00
 
_______________________________________________
Bridge mailing list
[email protected]
https://lists.osdl.org/mailman/listinfo/bridge
