yes it is bridging not routing, and it's a vpn (OpenVPN) bridge to
complicate matters just a bit further.  a simplified diagram
follows.  i've used actual device names here and indicated the
bridged ones by enclosing them with { }

           PUBLIC INTERNET
      |                          |
------|-----              -------|-----
|    en0   |              |     dc0   |
|          |              |           |
|firewall 2|              |firewall 1 |
|          |              |           |
|{en1 tun0}----------------{tun1 sis0}|
--|---------              ---------|---
  |                                |
192.168.254.0/24          192.168.248.0/21


normal stuff seems to work across the bridge for the most part;
however there is a problem with all the apple proprietary
services that rely on bonjour/rendezvous.

there is another separate and somewhat intermittent problem
with routing between sub-subnets of the bridged halves of the
network, but that's a separate discussion i think.  see the email
i sent to the list on monday, subject "vpn bridge misbehavior",
for a more complete network diagram and a description of that
(probably unrelated?) problem.

and oh yeah, i *know* these mac services weren't designed for
anything other than small-scale home use.  i'm acutely aware of
that at this point.  (the mac decision was someone else's)

anyway, thanks for your time,
~jon


Jussi Peltola wrote:
Jonathan Whiteman wrote:
Sorry I should know this but I'm sorta green.  If I enable
net.inet.ip.mforwarding on all my routers, should that allow
OS X things like bonjour and iTunes music sharing to work
across the bridge?

Bridge? Are you bridging or routing here? Please tell us more about
your network.

If you are ethernet bridging, as far as I know that will do nothing. If you are routing, it is a different story. I'm afraid my knowledge of Bonjour is not good enough to give a definitive answer, but my experiences with certain other multicast based protocols are that it is easier to use ethernet bridge filtering than to make routing work with them. AFAIK Apple isn't targeting these services for large networks anyway; they are to ease setting up a home or other small network that is a single broadcast domain.

Regards,
Jussi Peltola
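The distinction Jussi draws (bridging carries frames at layer 2 regardless of TTL or multicast scope, whereas net.inet.ip.mforwarding only enables IP-layer multicast routing, which never forwards link-local scope groups such as Bonjour's 224.0.0.251) can be checked with a small model. The following script is an added example written for this archive page; it is not code from either poster and not an OpenBSD tool. It assumes the textbook rules: 224.0.0.0/24 is link-local scope and is never routed, other multicast groups are forwarded by a multicast router only while TTL allows another hop, and an Ethernet bridge forwards on the multicast MAC derived from the low 23 bits of the group address. The sample packets are constructed, with destinations taken from the thread's two subnets.

```python
import ipaddress
from dataclasses import dataclass

# Constructed reference values (not captured from the poster's network).
MDNS_GROUP = "224.0.0.251"                                 # Bonjour / mDNS group, UDP 5353
ALL_MULTICAST = ipaddress.ip_network("224.0.0.0/4")
LINK_LOCAL_SCOPE = ipaddress.ip_network("224.0.0.0/24")    # never forwarded by any router
ADMIN_SCOPE = ipaddress.ip_network("239.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    """Minimal view of an IPv4 packet: only the fields the forwarding decision needs."""
    name: str
    dst: str
    ttl: int


def multicast_scope(dst: str) -> str:
    """Classify a destination as unicast or by multicast scope."""
    addr = ipaddress.ip_address(dst)
    if addr not in ALL_MULTICAST:
        return "unicast"
    if addr in LINK_LOCAL_SCOPE:
        return "link-local"
    if addr in ADMIN_SCOPE:
        return "admin-scoped"
    return "global"


def multicast_mac(dst: str) -> str:
    """Map an IPv4 multicast group to its Ethernet MAC: 01:00:5e + low 23 bits of the address.
    This is the address a layer-2 bridge actually sees and floods to its member ports."""
    octets = ipaddress.ip_address(dst).packed
    low23 = int.from_bytes(octets[1:], "big") & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def crosses_router(pkt: Packet, mforwarding: bool) -> bool:
    """Would an IP router between 192.168.254.0/24 and 192.168.248.0/21 pass this packet?
    mforwarding models net.inet.ip.mforwarding=1 together with a multicast routing daemon
    (the sysctl alone installs no multicast routes); unicast is routed either way."""
    scope = multicast_scope(pkt.dst)
    if scope == "unicast":
        return pkt.ttl > 1          # TTL is decremented per hop; 1 dies at the first router
    if not mforwarding:
        return False                # no multicast routing at all
    if scope == "link-local":
        return False                # 224.0.0.0/24 is never forwarded, whatever the TTL
    return pkt.ttl > 1


def crosses_bridge(pkt: Packet, blocked_groups: frozenset = frozenset()) -> bool:
    """An Ethernet bridge (the {en1 tun0} / {tun1 sis0} pair in the diagram) forwards frames
    without looking at IP TTL or scope. The optional blocked_groups set stands in for the
    bridge filtering Jussi mentions: a rule dropping frames to a given multicast MAC."""
    if multicast_scope(pkt.dst) == "unicast":
        return True
    return multicast_mac(pkt.dst) not in blocked_groups


def forwarding_report(packets, mforwarding: bool) -> dict:
    """For each constructed packet, report (crosses a router, crosses the bridge)."""
    return {p.name: (crosses_router(p, mforwarding), crosses_bridge(p)) for p in packets}


# Constructed sample traffic between the two halves of the network.
SAMPLE = [
    Packet("bonjour query", MDNS_GROUP, 255),          # mDNS is sent with TTL 255
    Packet("admin-scoped group", "239.1.2.3", 16),     # "certain other multicast based protocols"
    Packet("unicast file copy", "192.168.248.10", 64),
]

if __name__ == "__main__":
    for name, (router, bridge) in forwarding_report(SAMPLE, mforwarding=True).items():
        print(f"{name:20s} router(mforwarding=1)={router!s:5s} bridge={bridge}")
```

The report shows why enabling mforwarding on the routers changes nothing for Bonjour: the mDNS packet is link-local scope and is dropped by a multicast router no matter the TTL, while the same frame crosses the tun bridge untouched, as does every other multicast and broadcast frame on the segment unless a bridge rule filters it.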
