----- Original Message -----
From: "Aled Treharne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 01, 2003 5:12 PM
Subject: no response on unnumbered bridged interface?

> Hi guys.
>
> I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
> hardware isn't particularly new, but it's been quite happily trudging
> along for the past few years using 4.something. However, with 5.1, I've
> found weirdness and I wanted to check to see if this is expected
> behaviour or not.
>
> The machine has two 3C509's ep0 (external) and ep1 (internal). Ep0 is
> numbered and the following sysctl variables set:
>
> net.link.ether.bridge_cfg="ep0,ep1"
> net.link.ether.bridge_ipfw=1
> net.link.ether.bridge=1
>
> Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in
> the kernel), and I can ping back and forth without any problem. However,
> if I try and access the bridge from a machine connected to the switch on
> the inside interface, it doesn't respond. Tcpdump on the box shows ECHO
> request packets, I see arp traffic (and the inside machine has the
> correct mac address), but I see no echo responses. This is a problem,
> since I'd like to admin this box from inside my network. :) I also
> wouldn't mind the box seeing the internal network...
>
> I can't see anything wrong with what I've got, and there's nothing in
> the docs about this problem. I also experienced this problem with an
> Intel EtherExpress Pro I had in there as the internal interface, and
> both the ep1 card and the Intel NIC have worked in other boxes.
>
> Has anyone got any ideas on what's going on here? As far as I can tell,
> the config is identical to my previous installation...
>
> Cheers,
> Aled.

Is the system configured to forward packets? Assuming that 5.x has the
following variables available (I still run 4.8 here), try:

sysctl -a | grep forwarding

You should see "net.inet.ip.forwarding: 1". If it's 0, then your system
won't pass traffic between the interfaces.

--
Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
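
The sysctl variables named in this thread can be checked in one pass against a saved dump. This is an added example, not part of the original messages; the function names and the sample dump are constructed, and the handling of ":N" suffixes in bridge_cfg is an assumption about that variable's format.

```shell
#!/bin/sh
# Constructed sample dump; on a live host use: DUMP=$(sysctl -a)
SAMPLE_DUMP='net.inet.ip.forwarding: 0
net.link.ether.bridge_cfg: ep0,ep1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge: 1'

# sysctl_value DUMP NAME: print the value of NAME, or nothing if absent.
# Accepts both "name: value" (sysctl -a) and "name=value" (sysctl.conf).
sysctl_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        {
            pos = index($0, ": "); skip = 2
            if (pos == 0) { pos = index($0, "="); skip = 1 }
            if (pos == 0) next
            if (substr($0, 1, pos - 1) == key) {
                val = substr($0, pos + skip)
                gsub(/^"|"$/, "", val)      # drop sysctl.conf-style quotes
                print val
                exit
            }
        }'
}

# audit_bridge DUMP IF...: one line per finding; exit status = problem count.
audit_bridge() {
    dump=$1; shift; problems=0
    for name in net.inet.ip.forwarding net.link.ether.bridge \
                net.link.ether.bridge_ipfw; do
        val=$(sysctl_value "$dump" "$name")
        if [ "$val" = 1 ]; then echo "OK    $name=1"
        else echo "CHECK $name=${val:-unset} (expected 1)"; problems=$((problems + 1))
        fi
    done
    # Assumption: entries may carry a ":N" suffix (e.g. ep0:0); strip it.
    cfg=$(sysctl_value "$dump" net.link.ether.bridge_cfg | sed 's/:[0-9]*//g')
    for ifn in "$@"; do
        case ",$cfg," in
            *",$ifn,"*) echo "OK    $ifn in bridge_cfg" ;;
            *) echo "CHECK $ifn missing from bridge_cfg ($cfg)"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

audit_bridge "$SAMPLE_DUMP" ep0 ep1 || true
```
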
