On 4/9/06, Mark Pecaut <[EMAIL PROTECTED]> wrote:
> Sorry if I missed something you mentioned before but what exactly are
> you trying to do?
>
> I've used bridges several times before and it sounds like you are
> doing the right stuff (there is not much to do).

It seemed easy enough, I just was not getting the expected behavior.

> The rule is
> generally that if you want your host to connect two physically
> separate networks that are on the same subnet, use a bridge. For
> example, an ISP assigns you 8 IPs and you want to use them all but
> want a common firewall in front of them all but don't want nat.
>
> If you want to nat or otherwise connect two subnets together, that is
> when you need routing and ip forwarding on.
>
> Can you give some information on how you want to connect everything
> and the problem/goal? I'd be happy to help if I can.
>
> -mark

Previously, this machine performed NAT with two NIC's. One NIC to the
ISP, the other NIC to a switch to serve a few clients.

The machine was upgraded, with several more NIC's. I thought I would
take the switch out (hence the subject), and have the clients connect
directly to the NIC's instead. There are currently only 2 clients,
anyway.

I put all but the external NIC on a bridge. I thought I would post
because I might have had the wrong idea about what a bridge would be
used for. I will just have to give it another shot when my cd's arrive.

>
> On 4/9/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
> > On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote:
> > > > On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > > > On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > > > > > I've been using openbsd+pf for a router for some time at a
> > > > > > neighbor's house. The router has been upgraded and now has
> > > > > > several NIC's.
> > > > > >
> > > > > > I'd like to use multiple interfaces with crossover cables
> > > > > > instead of a single interface with a switch behind it for the
> > > > > > internal network, how would this best be done? I attempted to
> > > > > > bridge all of the internal interfaces, but I don't think this
> > > > > > would do what I need it to, since a bridge can't have an IP
> > > > > > address, and it did not appear to work.
> > > > >
> > > > > You could bridge them - this would be the classical 'switch' solution.
> > > > > How to get this done is another question.
> > > >
> > > > dc0 was the classic internal interface running dhcpd. I kept that
> > > > interface as-is.
> > > >
> > > > I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
> > > >
> > > > I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> > > > settings, like add dc0 add dc1, etc.
> > > >
> > > > brconfig showed bridge0 as it probably should appear. Mac addresses of
> > > > each client were listed on the proper port.
> > >
> > > That looks good.
> > >
> > > > dhcpd would not respond to client requests. I could use tcpdump on,
> > > > say rl0 and see the dhcpd requests, but I did not see it on dc0. With
> > > > IP addresses set manually, a client on dc2 could not ping a client of
> > > > the same subnet on dc1, etc. I assumed the bridge did not do what I
> > > > thought it was supposed to do, and dropped it.
> > >
> > > Hmm, someone else will have to debug that. It'd probably be the
> > > easiest/best solution, but I've never configured a bridge.
> > >
> > > > So I assigned each NIC an IP address of *.1, .2, .3, and .4.
> > > >
> > > > I assumed with IP forwarding, a client connected to the .4 NIC could
> > > > reach the .1 NIC. I was wrong with that as well.
> > > >
> > > > I enabled the bridge again with the internal NIC's having an IP
> > > > assigned. A client connected to the .4 NIC still could not reach .1, or
> > > > a client connected to .1.
> > >
> > > Have you set net.inet.ip{,6}.forwarding?
> >
> > Yes of course, it has been performing as a router for a while now with
> > a single NIC for the local network. I did double-check it when I saw
> > that behavior, though, and it is set.
> >
> > > > > The other solution is to run it as a classical router serving a lot of
> > > > > /32 subnets.
> > > > >
> > > > > Exactly what do you have problems with?
> > > >
> > > > I am guessing I did something fundamentally wrong here?
> > >
> > > Probably, but what? ;-)
> > >
> > > Joachim
> > >
> >
> > Thanks for your help, Joachim. I'll do a fresh install and try again
> > when my 3.9 cd's arrive. Maybe I have stale configurations somewhere.
> >
> > I have a very difficult time finding anybody on mail archives or
> > google doing something similar. The only information I can find is for
> > transparent firewalls.
> >
> > Does anybody have a link of somebody performing something similar?