Re: bridging
yes, with any two interfaces the bridge works well. tcpdump show these messages when i configure bridge with more than 2 interfaces:

    14:52:57.771505 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:52:57.771519 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:52:58.788076 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:52:58.788095 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:52:59.804630 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:52:59.804646 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:53:00.821083 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:53:00.821098 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:53:01.837654 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:53:01.837672 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46

it seems that bridging just can be done by two interfaces:( i use ifconfig bridge0 create and ifconfig addm igb1 addm igb2 for bridging two interfaces. i test by putting the below commands in rc.conf file:

    cloned_interfaces=bridge0
    ifconfig_bridge0=addm igb1 addm igb2 addm gbeth1 up

but nothing changed.

On Mon, Dec 12, 2011 at 10:40 AM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

On 12/12/11 15:49, saeedeh motlagh wrote:

my freebsd is 8.2 and i have four interfaces which two of them are gbeth and two others are igb. i think the interfaces are ok because when i bridge two interfaces, it works fine. i use the below command to create my bridge:

    ifconfig bridge0 create
    ifconfig bridge0 addm gbeth0 addm igb0 addm igb1 addm gbeth1 up

what is wrong here? it's so necessary for me to doing this:(

Is it any 2 interfaces? What command do you use to get the 2 interfaces working?

On Sun, Dec 11, 2011 at 5:16 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

On 12/11/11 23:31, saeedeh motlagh wrote:

hello everybody
i have a problem in bridging my interfaces. i want to bridge my 4 interfaces and make switching in freebsd box but it doesn't work. with two interfaces the bridge works well and pass the traffic but for four interfaces it doesn't do what is expected. you know i want to have a freebsd system to do switching between four systems which are connected to. somebody know what's wrong? and how i can bridge my four interfaces and have switching?
thanks
motlagh

Can you supply information on what devices you are using for your switches? Ifconfig, pciconf -lv
Which version are you using? uname -a
What commands are you using to setup switching?
What diagnostics have you done? How do you know it doesn't work?
Good luck. I'm sure someone can help if you provide that information, although they may need more.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bridging
i solved it:) the stp should be running on all interfaces

On Mon, Dec 12, 2011 at 11:43 AM, saeedeh motlagh saeedeh.motl...@gmail.com wrote:

yes, with any two interfaces the bridge works well. tcpdump show these messages when i configure bridge with more than 2 interfaces:

    14:52:57.771505 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:52:57.771519 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:52:58.788076 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:52:58.788095 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:52:59.804630 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:52:59.804646 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:53:00.821083 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:53:00.821098 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46
    14:53:01.837654 ARP, Request who-has 192.168.4.157 tell 192.168.4.155, length 46
    14:53:01.837672 ARP, Reply 192.168.4.157 is-at 00:0b:ab:4f:d4:2a (oui Unknown), length 46

it seems that bridging just can be done by two interfaces:( i use ifconfig bridge0 create and ifconfig addm igb1 addm igb2 for bridging two interfaces. i test by putting the below commands in rc.conf file:

    cloned_interfaces=bridge0
    ifconfig_bridge0=addm igb1 addm igb2 addm gbeth1 up

but nothing changed.

On Mon, Dec 12, 2011 at 10:40 AM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

On 12/12/11 15:49, saeedeh motlagh wrote:

my freebsd is 8.2 and i have four interfaces which two of them are gbeth and two others are igb. i think the interfaces are ok because when i bridge two interfaces, it works fine. i use the below command to create my bridge:

    ifconfig bridge0 create
    ifconfig bridge0 addm gbeth0 addm igb0 addm igb1 addm gbeth1 up

what is wrong here? it's so necessary for me to doing this:(

Is it any 2 interfaces? What command do you use to get the 2 interfaces working?

On Sun, Dec 11, 2011 at 5:16 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

On 12/11/11 23:31, saeedeh motlagh wrote:

hello everybody
i have a problem in bridging my interfaces. i want to bridge my 4 interfaces and make switching in freebsd box but it doesn't work. with two interfaces the bridge works well and pass the traffic but for four interfaces it doesn't do what is expected. you know i want to have a freebsd system to do switching between four systems which are connected to. somebody know what's wrong? and how i can bridge my four interfaces and have switching?
thanks
motlagh

Can you supply information on what devices you are using for your switches? Ifconfig, pciconf -lv
Which version are you using? uname -a
What commands are you using to setup switching?
What diagnostics have you done? How do you know it doesn't work?
Good luck. I'm sure someone can help if you provide that information, although they may need more.
bridging
hello everybody
i have a problem in bridging my interfaces. i want to bridge my 4 interfaces and make switching in freebsd box but it doesn't work. with two interfaces the bridge works well and pass the traffic but for four interfaces it doesn't do what is expected. you know i want to have a freebsd system to do switching between four systems which are connected to. somebody know what's wrong? and how i can bridge my four interfaces and have switching?
thanks
motlagh
Re: bridging
On 12/11/11 23:31, saeedeh motlagh wrote:

hello everybody
i have a problem in bridging my interfaces. i want to bridge my 4 interfaces and make switching in freebsd box but it doesn't work. with two interfaces the bridge works well and pass the traffic but for four interfaces it doesn't do what is expected. you know i want to have a freebsd system to do switching between four systems which are connected to. somebody know what's wrong? and how i can bridge my four interfaces and have switching?
thanks
motlagh

Can you supply information on what devices you are using for your switches? Ifconfig, pciconf -lv
Which version are you using? uname -a
What commands are you using to setup switching?
What diagnostics have you done? How do you know it doesn't work?
Good luck. I'm sure someone can help if you provide that information, although they may need more.
Re: bridging
my freebsd is 8.2 and i have four interfaces which two of them are gbeth and two others are igb. i think the interfaces are ok because when i bridge two interfaces, it works fine. i use the below command to create my bridge:

    ifconfig bridge0 create
    ifconfig bridge0 addm gbeth0 addm igb0 addm igb1 addm gbeth1 up

what is wrong here? it's so necessary for me to doing this:(

On Sun, Dec 11, 2011 at 5:16 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

On 12/11/11 23:31, saeedeh motlagh wrote:

hello everybody
i have a problem in bridging my interfaces. i want to bridge my 4 interfaces and make switching in freebsd box but it doesn't work. with two interfaces the bridge works well and pass the traffic but for four interfaces it doesn't do what is expected. you know i want to have a freebsd system to do switching between four systems which are connected to. somebody know what's wrong? and how i can bridge my four interfaces and have switching?
thanks
motlagh

Can you supply information on what devices you are using for your switches? Ifconfig, pciconf -lv
Which version are you using? uname -a
What commands are you using to setup switching?
What diagnostics have you done? How do you know it doesn't work?
Good luck. I'm sure someone can help if you provide that information, although they may need more.
Re: bridging
On 12/12/11 15:49, saeedeh motlagh wrote:

my freebsd is 8.2 and i have four interfaces which two of them are gbeth and two others are igb. i think the interfaces are ok because when i bridge two interfaces, it works fine. i use the below command to create my bridge:

    ifconfig bridge0 create
    ifconfig bridge0 addm gbeth0 addm igb0 addm igb1 addm gbeth1 up

what is wrong here? it's so necessary for me to doing this:(

Is it any 2 interfaces? What command do you use to get the 2 interfaces working?

On Sun, Dec 11, 2011 at 5:16 PM, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:

On 12/11/11 23:31, saeedeh motlagh wrote:

hello everybody
i have a problem in bridging my interfaces. i want to bridge my 4 interfaces and make switching in freebsd box but it doesn't work. with two interfaces the bridge works well and pass the traffic but for four interfaces it doesn't do what is expected. you know i want to have a freebsd system to do switching between four systems which are connected to. somebody know what's wrong? and how i can bridge my four interfaces and have switching?
thanks
motlagh

Can you supply information on what devices you are using for your switches? Ifconfig, pciconf -lv
Which version are you using? uname -a
What commands are you using to setup switching?
What diagnostics have you done? How do you know it doesn't work?
Good luck. I'm sure someone can help if you provide that information, although they may need more.
Bridging Gigabit and Fast Ethernet Interfaces
if_bridge(4) says:

    The if_bridge driver currently supports only Ethernet and Ethernet-like (e.g., 802.11) network devices, with exactly the same interface MTU size as the bridge device.

Am I correct to assume then that I can bridge a gigabit interface and a fast ethernet interface and that one of the negatives of doing this is that Jumbo frames couldn't be used on the gigabit side?

I've got an Atom based server with an onboard gigabit nic and only one PCI slot. The server sits physically close to my 10/100 switch that hangs off my firewall. I was thinking of putting a 10/100 nic into the single PCI slot and running that to the 10/100 switch for internet access and then running cable across the room from the gigabit interface to a gigabit switch on my workbench. Wired gigabit clients on the bench would then have the benefit of gigabit access to the server for doing backups but also still have internet access via the server's bridge interface right?

Is there a reason I wouldn't want to do it this way?

Thanks,
Carl
IPFW/Dummynet/Bridging with VLAN trunks?
I'm trying to use Dummynet+IPFW and bridging to make a packet shaper that runs across multiple VLANs. So my intended set up is:

    [users]-[Aggregate Switch]=[FreeBSD]=[Upstream Switch (with IP interfaces for each vlan)]-The World

where - is a single VLAN, and = is a tagged dot1q trunk. The aim is to drop the FreeBSD box in the middle, in one trunked uplink, and cover all the VLANs downstream of that.

Should this work? In practice, the bridging seems to work OK, but as soon as I add rules to match traffic passing through and apply it to pipes, everything stops. I can use tcpdump's vlan option to filter traffic on em0, em1 or bridge0 and it does show only traffic for that vlan, so tags are being preserved...

Ideally, I'd like to use the dot1q tag in ipfw rules directly, and avoid ip ranges, but I don't think that's possible. Is there some special incantation to make ipfw vlan-aware? Has anyone else done this successfully?

Best Regards,
Howie
Re: IPFW/Dummynet/Bridging with VLAN trunks?
Howard Jones wrote:

I'm trying to use Dummynet+IPFW and bridging to make a packet shaper that runs across multiple VLANs. So my intended set up is:

    [users]-[Aggregate Switch]=[FreeBSD]=[Upstream Switch (with IP interfaces for each vlan)]-The World

where - is a single VLAN, and = is a tagged dot1q trunk. The aim is to drop the FreeBSD box in the middle, in one trunked uplink, and cover all the VLANs downstream of that.

Should this work? In practice, the bridging seems to work OK, but as soon as I add rules to match traffic passing through and apply it to pipes, everything stops. I can use tcpdump's vlan option to filter traffic on em0, em1 or bridge0 and it does show only traffic for that vlan, so tags are being preserved...

Ideally, I'd like to use the dot1q tag in ipfw rules directly, and avoid ip ranges, but I don't think that's possible. Is there some special incantation to make ipfw vlan-aware? Has anyone else done this successfully?

This is how I do it:

    ipfw pipe 1 all from any to any in via vlan20
    ipfw pipe 2 all from any to any in via vlan40

But in my configuration, bridge0 has members vlan20 and vlan40. I would create a separate bridge with vlan21 and vlan41.

I don't think ipfw can filter on dot1q tags yet, though. There was a lot of layer 2 filtering capability in a patch floating around for 8-CURRENT, but I'm not sure of its status, nor whether dot1q filtering was implemented.

--
Chris Cowart
Network Technical Lead
Network Infrastructure Services, RSSP-IT
UC Berkeley
Re: Bridging-(How to test and verify that bridging is enabled)
Faizan ul haq Muhammad wrote:

Hi,
I am not sure but as per some internet guide, I have configured the bridge on Freebsd(7) Machine with two LAN cards on it. I have compiled my KERNEL with (device if_bridge) and then added code to rc.conf:

    cloned_interfaces=bridge0
    ifconfig_bridge0=addm sk0 addm sk1 up
    ifconfig_sk0=up
    ifconfig_sk1=up

I connected two linux PCs with these two interfaces (sk0 and sk1) and tried to ping between them but didn't get any success. configuration seems to be ok, but still no traffic is being passed. Can any one give any suggestion ?
Regards!

What does ifconfig show?
Re: Bridging-(How to test and verify that bridging is enabled)
Hi,

I connected two linux PCs with these two interfaces (sk0 and sk1) and tried to ping between them but didn't get any success. configuration seems to be ok, but still no traffic is being passed. Can any one give any suggestion ?

Stupid question, but if you connect the 2 Linux boxes directly (without the FreeBSD bridge in between) can they ping each other?

Are you using properly crossed cables?

On the FreeBSD box, you can tcpdump(8) and see the packets moving:

    tcpdump -i sk0

and

    tcpdump -i sk1

and you will see the pick request and ping echo packets.

Olivier
RE: Bridging-(How to test and verify that bridging is enabled)
Date: Mon, 2 Mar 2009 15:28:10 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

I connected two linux PCs with these two interfaces (sk0 and sk1) and tried to ping between them but didn't get any success. configuration seems to be ok, but still no traffic is being passed. Can any one give any suggestion ?

Stupid question

Yess it is

, but if you connect the 2 Linux boxes directly (without the FreeBSD bridge in between) can they ping each other?

Yes they can

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

On the FreeBSD box, you can tcpdump(8) and see the packets moving:

    tcpdump -i sk0

and

    tcpdump -i sk1

and you will see the pick request and ping echo packets.

it says

    arp: who has 192.168.0.4 tell 192.168.0.5

Olivier
Re: Bridging-(How to test and verify that bridging is enabled)
Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

An example of ifconfig for a bridge (FreeBSD 4.xx):

    fxp0: flags=89c3<UP,BROADCAST,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:07:e9:xx:xx:xx
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
    fxp1: flags=89c3<UP,BROADCAST,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:07:e9:yy:yy:yy
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active

Once you make sure that both interfaces on your FreeBSD box are up and running, you can proceed to the next step:

On the FreeBSD box, you can tcpdump(8) and see the packets moving: tcpdump -i sk0 and tcpdump -i sk1 and you will see the pick request and ping echo packets.

it says

    arp: who has 192.168.0.4 tell 192.168.0.5

You'd need to give more information about your connection; something like:

    Linux 192.168.0.4 --- sk0 FreeBSD sk1 --- Linux 192.168.0.5

And you should also specify if you were tcpdump'ing on interface sk0 or sk1.

Once your bridge is working, you will get the same thing for tcpdump on both interfaces.

Olivier
RE: Bridging-(How to test and verify that bridging is enabled)
Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they work for PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

    sk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:69:25
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active
    sk1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:67:ee
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active

here is the ifconfig output for the bridge interface:

    bridge0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 0a:54:d7:7e:aa:66
        inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
        id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

An example of ifconfig for a bridge (FreeBSD 4.xx):

    fxp0: flags=89c3<UP,BROADCAST,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:07:e9:xx:xx:xx
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
    fxp1: flags=89c3<UP,BROADCAST,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:07:e9:yy:yy:yy
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active

Once you make sure that both interfaces on your FreeBSD box are up and running, you can proceed to the next step:

On the FreeBSD box, you can tcpdump(8) and see the packets moving: tcpdump -i sk0 and tcpdump -i sk1 and you will see the pick request and ping echo packets.

it says

    arp: who has 192.168.0.4 tell 192.168.0.5

You'd need to give more information about your connection; something like:

    Linux 192.168.0.4 --- sk0 FreeBSD sk1 --- Linux 192.168.0.5

And you should also specify if you were tcpdump'ing on interface sk0 or sk1.

Once your bridge is working, you will get the same thing for tcpdump on both interfaces.

ok here is the detail:

    Linux 192.168.0.5 --- sk0 FreeBSD sk1 --- Linux 192.168.0.4

ping from 192.168.0.5 to 192.168.0.4
tcpdump (on freeBSD): tcpdump -i sk0
RESULT: arp: who has 192.168.0.4 tell 192.168.0.5

ping from 192.168.0.4 to 192.168.0.5
tcpdump (on freeBSD): tcpdump -i sk1
RESULT: arp: who has 192.168.0.5 tell 192.168.0.4

tcpdump -i bridge0 gives nothing...

Olivier
Re: Bridging-(How to test and verify that bridging is enabled)
Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they work for PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

    sk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:69:25
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active
    sk1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:67:ee
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active

here is the ifconfig output for the bridge interface:

    bridge0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 0a:54:d7:7e:aa:66
        inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
        id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

I think ifconfig bridge0 should list member interfaces. Did you add them?
RE: Bridging-(How to test and verify that bridging is enabled)
Date: Mon, 2 Mar 2009 07:48:40 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they work for PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

    sk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:69:25
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active
    sk1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:67:ee
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active

here is the ifconfig output for the bridge interface:

    bridge0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 0a:54:d7:7e:aa:66
        inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
        id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

I think ifconfig bridge0 should list member interfaces. Did you add them?

    ifconfig bridge0 addm sk0 addm sk1 up
    ifconfig sk0 up
    ifconfig sk1 up

this configuration exists in rc.conf
Re: Bridging-(How to test and verify that bridging is enabled)
Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 07:48:40 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they work for PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

    sk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:69:25
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active
    sk1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 00:0a:5e:1a:67:ee
        media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
        status: active

here is the ifconfig output for the bridge interface:

    bridge0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM, TXCSUM, VLAN_MTU>
        ether 0a:54:d7:7e:aa:66
        inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
        id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

I think ifconfig bridge0 should list member interfaces. Did you add them?

    ifconfig bridge0 addm sk0 addm sk1 up
    ifconfig sk0 up
    ifconfig sk1 up

this configuration exists in rc.conf

if ifconfig doesn't print out something like this:

    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 4a:be:26:65:75:06
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: sk0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 200
        member: sk1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20

Then you need to add the member interfaces.
RE: Bridging-(How to test and verify that bridging is enabled)
Date: Mon, 2 Mar 2009 08:05:09 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 07:48:40 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they works PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

sk0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 00:0a:5e:1a:69:25
    media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
    status: active
sk1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 00:0a:5e:1a:67:ee
    media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
    status: active

here is the ifconfig output for the bridge interface:

bridge0: flags=8943UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 0a:54:d7:7e:aa:66
    inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
    id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

I think ifconfig bridge0 should list member interfaces. Did you add them?

ifconfig bridge0 addm sk0 addm sk1 up
ifconfig sk0 up
ifconfig sk1 up

this configuration exists in rc.conf

if ifconfig doesn't print out something like this:

bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
    ether 4a:be:26:65:75:06
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Then you need to add the member interfaces.

i noted that, following information is missing

    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Now i need to know how to add the interfaces..? Any command do u knw and can help me..?

Regards!!!
Re: Bridging-(How to test and verify that bridging is enabled)
Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 08:05:09 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 07:48:40 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they works PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

sk0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 00:0a:5e:1a:69:25
    media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
    status: active
sk1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 00:0a:5e:1a:67:ee
    media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
    status: active

here is the ifconfig output for the bridge interface:

bridge0: flags=8943UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 0a:54:d7:7e:aa:66
    inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
    id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

I think ifconfig bridge0 should list member interfaces. Did you add them?

ifconfig bridge0 addm sk0 addm sk1 up
ifconfig sk0 up
ifconfig sk1 up

this configuration exists in rc.conf

if ifconfig doesn't print out something like this:

bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
    ether 4a:be:26:65:75:06
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Then you need to add the member interfaces.

i noted that, following information is missing

    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Now i need to know how to add the interfaces..? Any command do u knw and can help me..?

Regards!!!

ifconfig bridge0 addm sk0 addm sk1 up
ifconfig sk0 up
ifconfig sk1 up
RE: Bridging-(How to test and verify that bridging is enabled)
Date: Mon, 2 Mar 2009 08:28:01 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 08:05:09 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 07:48:40 -0600
From: amvandem...@gmail.com
CC: freebsd-questions@freebsd.org
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Faizan ul haq Muhammad wrote:

Date: Mon, 2 Mar 2009 16:35:33 +0700
From: o...@cs.ait.ac.th
To: faiz...@hotmail.com
CC: fbsd.questi...@rachie.is-a-geek.net; freebsd-questions@freebsd.org; fb...@a1poweruser.com
Subject: Re: Bridging-(How to test and verify that bridging is enabled)

Hi,

Are you using properly crossed cables?

Isn't it enough check for the that two linux can ping each other..

Yes and no. You must use crossed Ethernet cable between your FreeBSD bridge and each of your Linux boxes.

Frankly i am not sure about the cables type but they works PC to PC connectivity.

As someone suggested, what is ifconfig saying on the FreeBSD box? You should see that both sk0 and sk1 have a status: active. Else it means you have a cable problem.

sk0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 00:0a:5e:1a:69:25
    media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
    status: active
sk1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 00:0a:5e:1a:67:ee
    media: Ethernet autoselect (1000baseTX full-duplex, flag0, flag1, flag2)
    status: active

here is the ifconfig output for the bridge interface:

bridge0: flags=8943UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
    options=bRXCSUM, TXCSUM, VLAN_MTU
    ether 0a:54:d7:7e:aa:66
    inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
    id 00:00:00:00:00:00 priortiy 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

I think ifconfig bridge0 should list member interfaces. Did you add them?

ifconfig bridge0 addm sk0 addm sk1 up
ifconfig sk0 up
ifconfig sk1 up

this configuration exists in rc.conf

if ifconfig doesn't print out something like this:

bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
    ether 4a:be:26:65:75:06
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Then you need to add the member interfaces.

i noted that, following information is missing

    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Now i need to know how to add the interfaces..? Any command do u knw and can help me..?

Regards!!!

ifconfig bridge0 addm sk0 addm sk1 up
ifconfig sk0 up
ifconfig sk1 up

Thanks a lot dear.. it worked. but i m still confused that i have the alternative configuration in rc.conf as per guideline here on this page: http://www.freebsd.org/doc/en/books/handbook/network-bridging.html it should have worked, but it did not. and here with these commands, it is working.. I am able to get reply to ping

Thanks a lot
/Faizan
Re: Bridging-(How to test and verify that bridging is enabled)
Faizan ul haq Muhammad wrote:

i noted that, following information is missing

    member: sk0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
        ifmaxaddr 0 port 2 priority 128 path cost 20

Now i need to know how to add the interfaces..? Any command do u knw and can help me..?

Regards!!!

ifconfig bridge0 addm sk0 addm sk1 up
ifconfig sk0 up
ifconfig sk1 up

Thanks a lot dear.. it worked. but i m still confused that i have the alternative configuration in rc.conf as per guideline here on this page: http://www.freebsd.org/doc/en/books/handbook/network-bridging.html it should have worked, but it did not. and here with these commands, it is working.. I am able to get reply to ping

Make sure you got the full config in there adjusted to your settings:

cloned_interfaces=bridge0
ifconfig_bridge0=addm fxp0 addm fxp1 up
ifconfig_fxp0=up
ifconfig_fxp1=up

And that you've rebooted. Assuming you've done those steps correctly, it should work. Generally issues like that are rooted in typos and misconfigurations. As your typo count gets incremented, you will learn humility. ;) Least that's how it was for me. Another good rule of thumb is if you're following the handbook and it still doesn't work then you're not following the handbook.

Glad it works for you.
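The check this thread converges on (does `ifconfig bridge0` list the members that rc.conf asks for?), as an added example that is not from any poster. The function names and both sample inputs are constructed for illustration; the sample rc.conf quotes its values because rc.conf is read as sh variable assignments.

```shell
#!/bin/sh
# Added example: compare the bridge members requested in rc.conf with the
# members that `ifconfig bridge0` actually reports. All samples are constructed.

# Constructed rc.conf fragment using the settings quoted in the thread.
sample_rc_conf() {
cat <<'EOF'
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sk0 addm sk1 up"   # members requested at boot
ifconfig_sk0="up"
ifconfig_sk1="up"
EOF
}

# Constructed `ifconfig bridge0` output without member lines (the failing case).
sample_ifconfig_no_members() {
cat <<'EOF'
bridge0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 0a:54:d7:7e:aa:66
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
EOF
}

# Constructed `ifconfig bridge0` output with both members attached.
sample_ifconfig_with_members() {
cat <<'EOF'
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 4a:be:26:65:75:06
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: sk0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 200
    member: sk1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 20
EOF
}

# expected_members BRIDGE < rc.conf
# Prints every interface that follows an "addm" keyword in ifconfig_BRIDGE.
expected_members() {
    awk -v key="ifconfig_$1" '
        {
            line = $0
            sub(/#.*/, "", line)                 # drop trailing comments
            eq = index(line, "=")
            if (eq == 0) next
            name = substr(line, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr(line, eq + 1)
            gsub(/["\047]/, "", val)             # strip double and single quotes
            n = split(val, w, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (w[i] == "addm") print w[i + 1]
        }'
}

# actual_members < ifconfig output
# Prints the interface named on each "member:" line.
actual_members() {
    awk '$1 == "member:" { print $2 }'
}

# missing_members "EXPECTED LIST" "ACTUAL LIST"
# Prints each expected interface that is absent from the actual list.
missing_members() {
    _present=" $(echo $2) "
    for _m in $1; do
        case "$_present" in
            *" $_m "*) ;;
            *) printf '%s\n' "$_m" ;;
        esac
    done
}

# bridge_report BRIDGE "RC_CONF_TEXT" "IFCONFIG_TEXT"
# Prints "ok", "missing: <ifs>", or "no-members-configured".
bridge_report() {
    _want=$(printf '%s\n' "$2" | expected_members "$1")
    _have=$(printf '%s\n' "$3" | actual_members)
    _missing=$(missing_members "$_want" "$_have")
    if [ -z "$_want" ]; then
        echo "no-members-configured"
    elif [ -n "$_missing" ]; then
        echo "missing:" $_missing
    else
        echo "ok"
    fi
}

# Demonstration on the constructed samples.
echo "without members: $(bridge_report bridge0 "$(sample_rc_conf)" "$(sample_ifconfig_no_members)")"
echo "with members:    $(bridge_report bridge0 "$(sample_rc_conf)" "$(sample_ifconfig_with_members)")"
```

On the FreeBSD box itself, pass the real inputs instead of the samples: `bridge_report bridge0 "$(cat /etc/rc.conf)" "$(ifconfig bridge0)"`.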
Bridging-(How to test and verify that bridging is enabled)
Hi,

I am not sure but as per some internet guide, I have configured the bridge on Freebsd(7) Machine with two LAN cards on it

I have compiled my KERNEL with (device if_bridge) and then added code to rc.conf

cloned_interfaces=bridge0
ifconfig_bridge0=addm sk0 addm sk1 up
ifconfig_sk0=up
ifconfig_sk1=up

I connected two linux PCs with these two interfaces (sk0 and sk1) and tried to ping between them but didn't get any success. configuration seems to be ok, but still no traffic is being passed.

Can anyone give any suggestion?

Regards!
Re: tap - wireless client bridging (WPA)
Michael Neumann wrote:

Hi,

I'd like to run Qemu on FreeBSD 7.0 and be able to connect from the Qemu instance to the internet. For this to work, I'd like to use a tap device and bridge it with a wireless (wpi) device. But it seems like both lagg and if_bridge doesn't yet support WPA security (or wireless clients).

In the meanwhile I found the answer myself... the solution is to use natd.

Regards,
Michael
tap - wireless client bridging (WPA)
Hi,

I'd like to run Qemu on FreeBSD 7.0 and be able to connect from the Qemu instance to the internet. For this to work, I'd like to use a tap device and bridge it with a wireless (wpi) device. But it seems like both lagg and if_bridge doesn't yet support WPA security (or wireless clients).

Anyone knows if this support will be added in 7.1 or maybe another good approach to my problem?

Regards,
Michael
Re: user ppp and PPPoE bridging
On Thursday 25 October 2007 00:11:39 [EMAIL PROTECTED] wrote:

Oct 24 12:33:35 nightmare ppp[859]: tun0: Debug: deflink: PPPoE:ed1: Cannot determine bandwidth

I presume this is a result of the lost LQR packets.

No, bandwidth isn't known to ppp. You can ignore this warning. There is no connection between LQR and bandwidth.

The above summary appears to indicate that line quality requests are being transferred; so what's with the too many LQR packets lost message?

Perhaps the peer does not accept LQR. Disable LQR. Disable echo as well. These settings provide some monitoring capabilities, but must be accepted by both peers. If for some reason (probably misconfiguration) these are not accepted by the other peer, things will not work... But, try disabling only LQR at first.

Finally, Where does the initial IP address used in the negotiation come from? I did not specify specific IP address assignment, yet the request appears to have asked for 12.32.36.65 This is the IP of the other interface on the machine, and my ppp.conf has no mention of it.

It's not important. These IP addresses will be denied by the other peer during IPCP. The peer will then provide you an IP address and ppp will accept it.

Hope this helps

Nikos
Re: user ppp and PPPoE bridging
To answer my own question: I had the mux type set wrong -- VC-based instead of LLC-based. While the line comes up, the session is never opened because of the mux mismatch.

moving right along now...

Gary

The freebsd box is connected directly via ed1 to the dsl modem; a crossover cable is used; the packets are clearly reaching the modem, as it records them as received.

I've simplified ppp.conf to the following, essentially the ppp.conf.sample:

default:
 set log all -timer

blackfoot:
 set device PPPoE:ed1
 enable lqr echo
 set cd 5
 set redial 0 0
 set dial
 set login
 set authname
 set authkey
 add! default HISADDR

#ifconfig ed1
ed1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
    inet6 fe80::220:18ff:fe72:8b72%ed1 prefixlen 64 scopeid 0x3
    ether 00:20:18:72:8b:72

#tcpdump -efntl -i ed1
tcpdump: WARNING: ed1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ed1, link-type EN10MB (Ethernet), capture size 96 bytes
00:20:18:72:8b:72 ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
00:20:18:72:8b:72 ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]

It appears that no PADO reply is being received by the modem; the modem shows two packets being transmitted, but none being received. Since the line is marked as up by the modem, and since the line comes up properly when the modem is operating in full PPPoE mode, I'm puzzled as to what kind of mismatch could be preventing the ISP end from responding.

This is a zyxel 642r modem; I can't try my other modem, a cisco 678, because it doesn't support a vci 63.

The modem is set to use VC-based multiplexing, vpi=0, vci=100 These are the parameters used for PPPoE, and I presume are still required as part of the ATM layer when bridging.

I am assuming there should be no need for my ISP to be notified that I am trying to use bridging in the modem, since it should be transparent on their end. They claim not to support bridging, but I don't see how they can say that, other than that they don't want to deal with the support issues. Is this a reasonable assumption?

Nikos Vassiliadis wrote:

On Tuesday 23 October 2007 05:31:45 [EMAIL PROTECTED] wrote:

I'm attempting to change a DSL link from using PPPoE in the DSL modem to doing PPPoE on 6.1, with the modem in bridging mode. I've put the DSL modem in bridging mode, and it brings up the link properly -- or at least it reports it as up (DSL led steady; modem status report shows it as up, rfc 1483. Using user ppp, when I attempt to establish the PPPoE connection, I never get very far -- ppp dies when it tries to acquire carrier. I don't understand this, as there isn't a carrier signal to acquire on an ethernet.

There is carrier on ethernet. Ethernet belongs to the CSMA/DA model where CS means carrier sense.

I tried disabling cd in ppp.conf but as noted in the doc, it's required for a PPPoE connection and is forced on. Also, how do I know which interface it is attempting to connect to? The debug log shows it found five interfaces, but doesn't indicate which one it is trying to connect to.

It tries to use ed1 for PPPoE (set device PPPoE:ed1)

Can you use the minimal configuration labelled pppoe from /usr/share/examples/ppp/ppp.conf.sample? The only things you have to change are:
The ethernet interface it will try PPPoE.
username and password.

Is your ed1 connected to the modem directly? Or it goes through a switch? Can you try connecting your ed1 directly on your DSL modem's ethernet port? You might need a crossover cable to do this (http://en.wikipedia.org/wiki/Ethernet_crossover_cable) or not since these days many ethernet ports do this automatically.

Please post also ifconfig and run tcpdump on ed1 during try.

...

I don't see anything wrong, but I may be wrong. The small sample configuration always worked for me. Why don't you use it as a starting point?
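The tcpdump check used in this message (PADI frames go out, no PADO comes back), generalised to every step of PPPoE discovery, as an added example that is not code from the thread. The function names, the PADO/PADR/PADS lines and the address 02:00:00:00:00:01 are constructed; only the PADI lines mirror the capture quoted above.

```shell
#!/bin/sh
# Added example: report how far PPPoE discovery (PADI -> PADO -> PADR -> PADS)
# got, from the text printed by `tcpdump -e`. All capture samples are constructed.

# Constructed capture: the stalled case, PADI broadcasts with no answer.
sample_stalled() {
cat <<'EOF'
00:20:18:72:8b:72 > ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
00:20:18:72:8b:72 > ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
EOF
}

# Constructed capture: a complete discovery exchange with a made-up concentrator.
sample_complete() {
cat <<'EOF'
00:20:18:72:8b:72 > ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
02:00:00:00:00:01 > 00:20:18:72:8b:72, ethertype PPPoE D (0x8863), length 60: PPPoE PADO [Host-Uniq 0x402DA4C1] [AC-Name "ac-example"] [Service-Name]
00:20:18:72:8b:72 > 02:00:00:00:00:01, ethertype PPPoE D (0x8863), length 60: PPPoE PADR [Host-Uniq 0x402DA4C1] [Service-Name]
02:00:00:00:00:01 > 00:20:18:72:8b:72, ethertype PPPoE D (0x8863), length 60: PPPoE PADS [ses 0x1] [Host-Uniq 0x402DA4C1] [Service-Name]
EOF
}

# pppoe_discovery_stage < tcpdump text
# Prints one line: "<stage> PADI=n PADO=n PADR=n PADS=n PADT=n".
pppoe_discovery_stage() {
    awk '
        {
            # The packet code follows the second "PPPoE" token on the line;
            # the first one is followed by "D" (discovery ethertype).
            for (i = 1; i < NF; i++)
                if ($i == "PPPoE" && $(i + 1) ~ /^PAD[IORST]$/) {
                    seen[$(i + 1)]++
                    break
                }
        }
        END {
            if      (!seen["PADI"]) stage = "no-padi"
            else if (!seen["PADO"]) stage = "no-pado"
            else if (!seen["PADR"]) stage = "no-padr"
            else if (!seen["PADS"]) stage = "no-pads"
            else if (seen["PADT"])  stage = "terminated"
            else                    stage = "session-open"
            printf "%s PADI=%d PADO=%d PADR=%d PADS=%d PADT=%d\n", stage,
                   seen["PADI"], seen["PADO"], seen["PADR"], seen["PADS"], seen["PADT"]
        }'
}

# stage_hint STAGE
# Prints where to look next for a given stage.
stage_hint() {
    case "$1" in
        no-padi)      echo "host sent no PADI: check the 'set device PPPoE:<if>' line and that the interface is up" ;;
        no-pado)      echo "PADI sent, nothing answered: check cabling and the modem's bridge and encapsulation settings" ;;
        no-padr)      echo "PADO received but no PADR sent: check the service name the client requests" ;;
        no-pads)      echo "PADR sent but no PADS: the concentrator did not confirm a session" ;;
        terminated)   echo "session was opened and then ended with PADT: look at the ppp log for the reason" ;;
        session-open) echo "discovery completed: any remaining problem is in LCP, authentication or IPCP" ;;
        *)            echo "unknown stage" ;;
    esac
}

# Demonstration on the constructed samples.
for _sample in sample_stalled sample_complete; do
    _result=$($_sample | pppoe_discovery_stage)
    echo "$_sample: $_result"
    echo "  hint: $(stage_hint "${_result%% *}")"
done
```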
Re: user ppp and PPPoE bridging
On Tuesday 23 October 2007 21:04:48 [EMAIL PROTECTED] wrote:

This is a zyxel 642r modem; I can't try my other modem, a cisco 678, because it doesn't support a vci 63.

Oh cisco :) Be thankful to cisco for not creating other proprietary protocols to replace the existing ATM/DSL combination :)

The modem is set to use VC-based multiplexing, vpi=0, vci=100 These are the parameters used for PPPoE, and I presume are still required as part of the ATM layer when bridging. I am assuming there should be no need for my ISP to be notified that I am trying to use bridging in the modem, since it should be transparent on their end. They claim not to support bridging, but I don't see how they can say that, other than that they don't want to deal with the support issues. Is this a reasonable assumption?

My knowledge about ATM is minimal. So, I don't really know how to answer to your question about bridging being transparent to the ISP. But I can tell you for sure that ISPs do not bother if you cannot connect using FreeBSD and PPPoE. You are mainly on your own. I assume that if you use the same settings your modem uses to do PPPoE it won't make a difference to the ISP end. You said you had wrong encapsulation type. Did you make any progress?

The packets are clearly reaching the modem, as it records them as received.

Can you also check the number of cells going out/coming in from the ATM interface?

Nikos
Re: user ppp and PPPoE bridging
Nikos Vassiliadis wrote:

You said you had wrong encapsulation type. Did you make any progress?

Yes. Changing the encapsulation type brought the line up, and things hobbled along... However, the line is dropped after a few minutes, apparently a result of not being able to determine line quality:

Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: ** Too many LQR packets lost **
Oct 24 12:39:06 nightmare ppp[859]: tun0: LQM: deflink: Too many LQR packets lost
Oct 24 12:39:06 nightmare ppp[859]: tun0: CCP: deflink: State change Stopped -- Closed
Oct 24 12:39:06 nightmare ppp[859]: tun0: CCP: deflink: State change Closed -- Initial
Oct 24 12:39:06 nightmare ppp[859]: tun0: LCP: deflink: LayerDown
Oct 24 12:39:06 nightmare ppp[859]: tun0: LCP: deflink: State change Opened -- Starting
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: open - lcp
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: route_UpdateMTU (5)
Oct 24 12:39:06 nightmare ppp[859]: tun0: TCP/IP: route_UpdateMTU: Netif: 5 (tun0), dst 0.0.0.0/0, mtu 1500
Oct 24 12:39:06 nightmare ppp[859]: tun0: TCP/IP: route_UpdateMTU: Netif: 5 (tun0), dst 216.47.48.1, mtu 1500
Oct 24 12:39:06 nightmare ppp[859]: tun0: TCP/IP: route_UpdateMTU: Netif: 5 (tun0), dst ff01:5::/32, mtu 1500
Oct 24 12:39:06 nightmare ppp[859]: tun0: TCP/IP: route_UpdateMTU: Netif: 5 (tun0), dst ff02:5::/32, mtu 1500
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: deflink: LayerDown: 12.32.44.142
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: ReadSystem: Can't open /etc/ppp/ppp.linkdown.
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: ReadSystem: Can't open /etc/ppp/ppp.linkdown.
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: ReadSystem: Can't open /etc/ppp/ppp.linkdown.
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: deflink: State change Opened -- Starting
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: deflink: LayerFinish.
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: Connect time: 331 secs: 2253 octets in, 1584 octets out
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: 24 packets in, 25 packets out
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: total 11 bytes/sec, peak 275 bytes/sec on Wed Oct 24 12:34:43 2007
Oct 24 12:39:06 nightmare ppp[859]: tun0: IPCP: deflink: State change Starting -- Initial
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: bundle: Terminate
Oct 24 12:39:06 nightmare ppp[859]: tun0: LCP: deflink: LayerFinish
Oct 24 12:39:06 nightmare ppp[859]: tun0: LCP: deflink: State change Starting -- Initial
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: Disconnected!
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: lcp - logout
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: Disconnected!
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: logout - hangup
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: deflink: Close
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: Connect time: 332 secs: 3044 octets in, 2789 octets out
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: 70 packets in, 77 packets out
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: total 17 bytes/sec, peak 315 bytes/sec on Wed Oct 24 12:34:46 2007
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: deflink: hangup - closed
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: route_IfDelete (5)
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found 0.0.0.0/0 216.47.48.1
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: route_IfDelete: Skip it (pass 0)
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found 216.47.48.1 12.32.44.142
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: route_IfDelete: Skip it (pass 0)
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found ff01:5::/32 AF_UNSPEC
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: route_IfDelete: Skip it (pass 0)
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found ff02:5::/32 AF_UNSPEC
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: route_IfDelete: Skip it (pass 0)
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found 0.0.0.0/0 216.47.48.1
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: wrote 124: cmd = Delete, dst = 0.0.0.0/0, gateway = none
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found 216.47.48.1 12.32.44.142
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: wrote 108: cmd = Delete, dst = 216.47.48.1, gateway = none
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found ff01:5::/32 AF_UNSPEC
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: wrote 148: cmd = Delete, dst = ff01:5::/32, gateway = none
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: Found ff02:5::/32 AF_UNSPEC
Oct 24 12:39:06 nightmare ppp[859]: tun0: Debug: wrote 148: cmd = Delete, dst = ff02:5::/32, gateway = none
Oct 24 12:39:06 nightmare ppp[859]: tun0: Phase: bundle: Dead

During initial protocol negotiation, it looks like some sort of compression is disallowed, but it doesn't seem like that should cause the line to be dropped later:

Oct 24 12:33:35 nightmare
user ppp and PPPoE bridging
I'm attempting to change a DSL link from using PPPoE in the DSL modem to doing PPPoE on 6.1, with the modem in bridging mode. I've put the DSL modem in bridging mode, and it brings up the link properly -- or at least it reports it as up (DSL led steady; modem status report shows it as up, rfc 1483. Using user ppp, when I attempt to establish the PPPoE connection, I never get very far -- ppp dies when it tries to acquire carrier. I don't understand this, as there isn't a carrier signal to acquire on an ethernet. I tried disabling cd in ppp.conf but as noted in the doc, it's required for a PPPoE connection and is forced on.

Also, how do I know which interface it is attempting to connect to? The debug log shows it found five interfaces, but doesn't indicate which one it is trying to connect to.

Thanks for any clues,
Gary

log file:

Oct 22 16:34:15 nightmare ppp[84336]: Phase: Using interface: tun0
Oct 22 16:34:15 nightmare ppp[84336]: Phase: deflink: Created in closed state
Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: set log -timer
Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: ident user-ppp VERSION (built COMPILATIONDATE)
Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: set redial 15 0
Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: set reconnect 15 1
Oct 22 16:34:15 nightmare ppp[84336]: tun0: Phase: PPP Started (interactive mode).
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: /dev/ttyp3: dial blackfoot
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0x282e72e0 = fopen(/etc/ppp/ppp.conf, r)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: ReadSystem: Checking default (/etc/ppp/ppp.conf).
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0x282e72e0 = fopen(/etc/ppp/ppp.conf, r)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: ReadSystem: Checking blackfoot (/etc/ppp/ppp.conf).
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0x282e72e0 = fopen(/etc/ppp/ppp.conf, r)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: ReadSystem: Checking blackfoot (/etc/ppp/ppp.conf).
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set device PPPoE:ed1
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: disable acfcomp protocomp
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: deny acfcomp
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set mtu max 1492
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set mru max 1492
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: enable mssfixup
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set speed sync
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: enable lqr
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set lqrperiod 5
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set ctsrts off
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: disable ipv6cp
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set dial
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set login
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set timeout 0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set authname
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set authkey
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: add! default HISADDR
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 3 = socket(17, 3, 0)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: bundle: Establish
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: deflink: closed - opening
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0 = NgMkSockNode(, cs, ds)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: List of netgraph node ``ed1:'' (id 2) hooks:
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Found orphans - ethernet
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Connecting netgraph socket .:tun0 - [8]::tun0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 4 = socket(2, 2, 0)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0 = ioctl(4, 3223349521, 0xbfbfda00)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0 = ioctl(4, 2149607696, 0xbfbfda00)
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Sending PPPOE_CONNECT to .:tun0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Found the following interfaces:
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 1, name ep0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 2, name plip0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 3, name ed1
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 4, name lo0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 5, name tun0
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: deflink: Connected!
Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: deflink: opening - dial
Oct 22 16:34:24
Re: user ppp and PPPoE bridging
On Tuesday 23 October 2007 05:31:45 [EMAIL PROTECTED] wrote:
> I'm attempting to change a DSL link from using PPPoE in the DSL modem to doing PPPoE on 6.1, with the modem in bridging mode.
>
> I've put the DSL modem in bridging mode, and it brings up the link properly -- or at least it reports it as up (DSL led steady; modem status report shows it as up, rfc 1483).
>
> Using user ppp, when I attempt to establish the PPPoE connection, I never get very far -- ppp dies when it tries to acquire carrier. I don't understand this, as there isn't a carrier signal to acquire on an ethernet.

There is carrier on ethernet. Ethernet belongs to the CSMA/DA model where CS means carrier sense.

> I tried disabling cd in ppp.conf but as noted in the doc, it's required for a PPPoE connection and is forced on.
>
> Also, how do I know which interface it is attempting to connect to? The debug log shows it found five interfaces, but doesn't indicate which one it is trying to connect to.

It tries to use ed1 for PPPoE (set device PPPoE:ed1).

Can you use the minimal configuration labelled pppoe from /usr/share/examples/ppp/ppp.conf.sample? The only things you have to change are:
    The ethernet interface it will try PPPoE.
    username and password.

Is your ed1 connected to the modem directly? Or it goes through a switch? Can you try connecting your ed1 directly on your DSL modem's ethernet port? You might need a crossover cable to do this (http://en.wikipedia.org/wiki/Ethernet_crossover_cable) or not, since these days many ethernet ports do this automatically.

Please post also ifconfig and run tcpdump on ed1 during try.

> [snip]
> ppp.conf:
> ===
> default:
>  set log all
>  set log -timer
>  ident user-ppp VERSION (built COMPILATIONDATE)
>  set redial 15 0
>  set reconnect 15 1
> isp:
>  set device PPPoE:ed1
>  disable acfcomp protocomp
>  deny acfcomp
>  set mtu max 1492
>  set mru max 1492
>  enable mssfixup
>  set speed sync
>  enable lqr
>  set lqrperiod 5
>  set ctsrts off
>  disable ipv6cp
>  set dial
>  set login
>  set timeout 0
>  set authname xx
>  set authkey yy
>  add! default HISADDR

I don't see anything wrong, but I may be wrong. The small sample configuration always worked for me. Why don't you use it as a starting point?

Nikos

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: user ppp and PPPoE bridging
On Mon, 22 Oct 2007 17:50:15 -0600 Gary Aitken [EMAIL PROTECTED] wrote:
> I'm attempting to change a DSL link from using PPPoE in the DSL modem to doing PPPoE on 6.1, with the modem in bridging mode.
>
> I've put the DSL modem in bridging mode, and it brings up the link properly -- or at least it reports it as up (DSL led steady; modem status report shows it as up, rfc 1483).
>
> Using user ppp, when I attempt to establish the PPPoE connection, I never get very far -- ppp dies when it tries to acquire carrier. I don't understand this, as there isn't a carrier signal to acquire on an ethernet. I tried disabling cd in ppp.conf but as noted in the doc, it's required for a PPPoE connection and is forced on.

I'd try simplifying a bit, this is my ppp.conf file:

    default:
     set log Phase tun command
    adsl:
     set device PPPoE:vr0
     set authname **
     set authkey ***
     add default HISADDR
     # DNS configured manually
     # enable dns
Re: user ppp and PPPoE bridging
Hi Nikos,

Thank you and rw for your replies.

The freebsd box is connected directly via ed1 to the dsl modem; a crossover cable is used; the packets are clearly reaching the modem, as it records them as received.

I've simplified ppp.conf to the following, essentially the ppp.conf.sample:

    default:
     set log all -timer
    blackfoot:
     set device PPPoE:ed1
     enable lqr echo
     set cd 5
     set redial 0 0
     set dial
     set login
     set authname
     set authkey
     add! default HISADDR

#ifconfig ed1

    ed1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
            inet6 fe80::220:18ff:fe72:8b72%ed1 prefixlen 64 scopeid 0x3
            ether 00:20:18:72:8b:72

#tcpdump -efntl -i ed1

    tcpdump: WARNING: ed1: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ed1, link-type EN10MB (Ethernet), capture size 96 bytes
    00:20:18:72:8b:72 ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
    00:20:18:72:8b:72 ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]

It appears that no PADO reply is being received by the modem; the modem shows two packets being transmitted, but none being received.

Since the line is marked as up by the modem, and since the line comes up properly when the modem is operating in full PPPoE mode, I'm puzzled as to what kind of mismatch could be preventing the ISP end from responding. This is a zyxel 642r modem; I can't try my other modem, a cisco 678, because it doesn't support a vci 63.

The modem is set to use VC-based multiplexing, vpi=0, vci=100. These are the parameters used for PPPoE, and I presume are still required as part of the ATM layer when bridging.

I am assuming there should be no need for my ISP to be notified that I am trying to use bridging in the modem, since it should be transparent on their end. They claim not to support bridging, but I don't see how they can say that, other than that they don't want to deal with the support issues. Is this a reasonable assumption?

Nikos Vassiliadis wrote:
> On Tuesday 23 October 2007 05:31:45 [EMAIL PROTECTED] wrote:
> > I'm attempting to change a DSL link from using PPPoE in the DSL modem to doing PPPoE on 6.1, with the modem in bridging mode.
> >
> > I've put the DSL modem in bridging mode, and it brings up the link properly -- or at least it reports it as up (DSL led steady; modem status report shows it as up, rfc 1483).
> >
> > Using user ppp, when I attempt to establish the PPPoE connection, I never get very far -- ppp dies when it tries to acquire carrier. I don't understand this, as there isn't a carrier signal to acquire on an ethernet.
>
> There is carrier on ethernet. Ethernet belongs to the CSMA/DA model where CS means carrier sense.
>
> > I tried disabling cd in ppp.conf but as noted in the doc, it's required for a PPPoE connection and is forced on.
> >
> > Also, how do I know which interface it is attempting to connect to? The debug log shows it found five interfaces, but doesn't indicate which one it is trying to connect to.
>
> It tries to use ed1 for PPPoE (set device PPPoE:ed1).
>
> Can you use the minimal configuration labelled pppoe from /usr/share/examples/ppp/ppp.conf.sample? The only things you have to change are:
>     The ethernet interface it will try PPPoE.
>     username and password.
>
> Is your ed1 connected to the modem directly? Or it goes through a switch? Can you try connecting your ed1 directly on your DSL modem's ethernet port? You might need a crossover cable to do this (http://en.wikipedia.org/wiki/Ethernet_crossover_cable) or not, since these days many ethernet ports do this automatically.
>
> Please post also ifconfig and run tcpdump on ed1 during try.
>
> ...
>
> I don't see anything wrong, but I may be wrong. The small sample configuration always worked for me. Why don't you use it as a starting point?
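The tcpdump check in the message above (PADI frames leaving ed1, no PADO coming back), as an added example that is not part of the original thread: a shell function that reads `tcpdump -e -n` text and reports how far PPPoE discovery got. The capture lines embedded below are constructed, the access concentrator MAC 02:00:00:00:00:01 is hypothetical, and the hint texts are general troubleshooting assumptions.

```shell
#!/bin/sh
# Added example: report how far PPPoE discovery (PADI -> PADO -> PADR -> PADS)
# got, from `tcpdump -e -n` text on stdin. Prints one line:
#   <stage> padi=<n> pado=<n> padr=<n> pads=<n> acs=<n>
# where acs is the number of distinct source MACs that sent a PADO.
pppoe_discovery_stage() {
    awk '
        # Source MAC is the field just before the ">" separator, with or
        # without a leading timestamp.
        function src_mac(    i) {
            for (i = 2; i <= NF; i++) if ($i == ">") return $(i - 1)
            return ""
        }
        /PPPoE +PADI/ { padi++ }
        /PPPoE +PADO/ {
            pado++
            m = src_mac()
            if (m != "" && !(m in seen)) { seen[m] = 1; acs++ }
        }
        /PPPoE +PADR/ { padr++ }
        /PPPoE +PADS/ { pads++ }
        END {
            if (pads)      stage = "session-established"
            else if (padr) stage = "no-pads"
            else if (pado) stage = "no-padr"
            else if (padi) stage = "no-pado"
            else           stage = "no-discovery"
            printf "%s padi=%d pado=%d padr=%d pads=%d acs=%d\n", stage, padi, pado, padr, pads, acs
        }'
}

# Map a stage to the next place to look (assumed, generic hints).
pppoe_stage_hint() {
    case $1 in
        no-discovery) echo "no PPPoE discovery frames: wrong interface, or ppp never dialled" ;;
        no-pado) echo "PADI sent, no offer: check the modem bridge/ATM settings and whether the far end answers PPPoE" ;;
        no-padr) echo "offer received but no request sent: look at the local ppp log" ;;
        no-pads) echo "request sent but no session confirmation from the access concentrator" ;;
        session-established) echo "discovery completed: any failure is in the PPP session stage" ;;
        *) echo "unknown stage: $1"; return 1 ;;
    esac
}

# Constructed sample: the situation in the thread, two PADIs and no reply.
sample_padi_only() {
    cat <<'EOF'
00:20:18:72:8b:72 > ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
00:20:18:72:8b:72 > ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
EOF
}

# Constructed sample: a complete discovery exchange with a hypothetical peer.
sample_full() {
    cat <<'EOF'
00:20:18:72:8b:72 > ff:ff:ff:ff:ff:ff, ethertype PPPoE D (0x8863), length 32: PPPoE PADI [Host-Uniq 0x402DA4C1] [Service-Name]
02:00:00:00:00:01 > 00:20:18:72:8b:72, ethertype PPPoE D (0x8863), length 60: PPPoE PADO [Host-Uniq 0x402DA4C1] [Service-Name] [AC-Name "ac1"]
00:20:18:72:8b:72 > 02:00:00:00:00:01, ethertype PPPoE D (0x8863), length 32: PPPoE PADR [Host-Uniq 0x402DA4C1] [Service-Name]
02:00:00:00:00:01 > 00:20:18:72:8b:72, ethertype PPPoE D (0x8863), length 60: PPPoE PADS [ses 0x1] [Host-Uniq 0x402DA4C1] [Service-Name]
EOF
}

# Stand-alone demo on the constructed PADI-only capture.
stage_line=$(sample_padi_only | pppoe_discovery_stage)
echo "$stage_line"
pppoe_stage_hint "${stage_line%% *}"
```

On a live system the input would come from something like `tcpdump -e -n -l -i ed1 | pppoe_discovery_stage`, stopped after a dial attempt.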
user ppp and PPPoE bridging
I'm attempting to change a DSL link from using PPPoE in the DSL modem to doing PPPoE on 6.1, with the modem in bridging mode.

I've put the DSL modem in bridging mode, and it brings up the link properly -- or at least it reports it as up (DSL led steady; modem status report shows it as up, rfc 1483).

Using user ppp, when I attempt to establish the PPPoE connection, I never get very far -- ppp dies when it tries to acquire carrier. I don't understand this, as there isn't a carrier signal to acquire on an ethernet. I tried disabling cd in ppp.conf but as noted in the doc, it's required for a PPPoE connection and is forced on.

Also, how do I know which interface it is attempting to connect to? The debug log shows it found five interfaces, but doesn't indicate which one it is trying to connect to.

Thanks for any clues,
Gary

log file:
=
    Oct 22 16:34:15 nightmare ppp[84336]: Phase: Using interface: tun0
    Oct 22 16:34:15 nightmare ppp[84336]: Phase: deflink: Created in closed state
    Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: set log -timer
    Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: ident user-ppp VERSION (built COMPILATIONDATE)
    Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: set redial 15 0
    Oct 22 16:34:15 nightmare ppp[84336]: tun0: Command: default: set reconnect 15 1
    Oct 22 16:34:15 nightmare ppp[84336]: tun0: Phase: PPP Started (interactive mode).
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: /dev/ttyp3: dial blackfoot
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0x282e72e0 = fopen(/etc/ppp/ppp.conf, r)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: ReadSystem: Checking default (/etc/ppp/ppp.conf).
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0x282e72e0 = fopen(/etc/ppp/ppp.conf, r)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: ReadSystem: Checking blackfoot (/etc/ppp/ppp.conf).
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0x282e72e0 = fopen(/etc/ppp/ppp.conf, r)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: ReadSystem: Checking blackfoot (/etc/ppp/ppp.conf).
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set device PPPoE:ed1
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: disable acfcomp protocomp
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: deny acfcomp
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set mtu max 1492
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set mru max 1492
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: enable mssfixup
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set speed sync
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: enable lqr
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set lqrperiod 5
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set ctsrts off
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: disable ipv6cp
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set dial
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set login
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set timeout 0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set authname
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: set authkey
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Command: blackfoot: add! default HISADDR
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 3 = socket(17, 3, 0)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: bundle: Establish
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: deflink: closed - opening
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0 = NgMkSockNode(, cs, ds)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: List of netgraph node ``ed1:'' (id 2) hooks:
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Found orphans - ethernet
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Connecting netgraph socket .:tun0 - [8]::tun0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 4 = socket(2, 2, 0)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0 = ioctl(4, 3223349521, 0xbfbfda00)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: ID0: 0 = ioctl(4, 2149607696, 0xbfbfda00)
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Sending PPPOE_CONNECT to .:tun0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Found the following interfaces:
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 1, name ep0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 2, name plip0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 3, name ed1
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 4, name lo0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Debug: Index 5, name tun0
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: deflink: Connected!
    Oct 22 16:34:24 nightmare ppp[84336]: tun0: Phase: deflink: opening - dial
    Oct 22 16:34:24
Bridging interfaces
Hello,

I seem to be having some trouble bridging interfaces in FreeBSD 6.2-STABLE. What I have are two interfaces

    rl0 - 192.168.2.2
    sis0 - 192.168.1.2

and a bridge I've set up following the pages in the handbook. However frames don't seem to be routed from one interface to the other. The internet gateway for the networks lives on 192.168.1.1 and I am able to reach the internet from boxes on the 192.168.1.0/24 subnet but not from the other. Tracing the route from a box on the 192.168.2.0/24 subnet the connection times out on the freebsd box, orinoco.

On orinoco:

    [EMAIL PROTECTED] /usr/pub/distfiles]$ ping freebsd.org
    PING freebsd.org (69.147.83.40): 56 data bytes
    64 bytes from 64.191.203.30: icmp_seq=0 ttl=244 time=79.676 ms
    64 bytes from 64.191.203.30: icmp_seq=1 ttl=244 time=69.009 ms
    ^C
    --- digg.com ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 69.009/74.343/79.676/5.334 ms

    [EMAIL PROTECTED] /usr/pub/distfiles]$ traceroute freebsd.org
    traceroute to freebsd.org (69.147.83.40), 64 hops max, 40 byte packets
     1 wireless (192.168.1.1) 0.849 ms 0.792 ms 0.740 ms
     2 * * *
     3 rd1no-ge7-0-0-2.cg.shawcable.net (64.59.131.210) 9.407 ms 9.793 ms 9.648 ms
     4 rc1no-ge6-0-0.cg.shawcable.net (66.163.77.5) 9.754 ms 9.887 ms 9.453ms
     5 rc1so-pos15-0.cg.shawcable.net (66.163.77.9) 10.553 ms 9.192 ms *
     6 rc1wh-pos3-0-0.vc.shawcable.net (66.163.77.197) 22.346 ms 53.143 ms 22.748 ms
     7 rc1wt-pos1-0-0.wa.shawcable.net (66.163.76.2) 27.164 ms 29.142 ms 25.660 ms
     8 six.yahoo.com (198.32.180.98) 28.643 ms 30.031 ms 36.214 ms
     9 ge-0-2-0.pat2.swp.yahoo.com (216.115.110.33) 25.840 ms 28.536 ms 27.054 ms
    10 so-1-0-0.pat1.pdx.yahoo.com (216.115.110.39) 37.792 ms 36.867 ms 34.238 ms
    11 so-3-0-0.pat1.sjc.yahoo.com (216.115.110.36) 47.776 ms 52.997 ms 46.636 ms
    12 g-0-0-0-p160.msr1.sp1.yahoo.com (216.115.107.57) 46.840 ms
       g-1-0-0-p170.msr2.sp1.yahoo.com (216.115.107.85) 50.327 ms
       g-1-0-0-p160.msr1.sp1.yahoo.com (216.115.107.61) 51.827 ms
    13 ge-1-46.bas-b1.sp1.yahoo.com (209.131.32.43) 50.238 ms
       ge-1-41.bas-b2.sp1.yahoo.com (209.131.32.33) 52.068 ms
       ge-1-48.bas-b1.sp1.yahoo.com (209.131.32.47) 49.095 ms
    14 freebsd.org (69.147.83.40) 51.419 ms 51.483 ms 50.079 ms

On a 192.168.2.0/24 side box:

    [EMAIL PROTECTED] ~]$ traceroute freebsd.org
    traceroute to freebsd.org (69.147.83.40), 30 hops max, 40 byte packets
     1 orinoco (192.168.2.2) 0.627 ms 0.444 ms 0.313 ms
     2 * * *
     3 * * *
    ...

Output of ifconfig on orinoco:

    sis0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
            options=8VLAN_MTU
            inet 192.168.1.2 netmask 0xff00 broadcast 192.168.1.255
            ether 00:d0:09:f8:f7:5a
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    rl0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
            options=8VLAN_MTU
            inet 192.168.2.2 netmask 0xff00 broadcast 192.168.2.255
            ether 00:e0:29:43:ef:db
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    plip0: flags=108810POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT mtu 1500
    lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet6 ::1 prefixlen 128
            inet 127.0.0.1 netmask 0xff00
    bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
            ether 46:50:6b:b3:54:0d
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto stp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: rl0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
            member: sis0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP

Any idea what I'm doing incorrectly?
Re: Bridging interfaces
Thanks for your help Chris, I ended up rebooting the router since I wasn't sure what manner of nonsense I'd put in and everything is working.

On 9/29/07, Christopher Cowart [EMAIL PROTECTED] wrote:
> On Sat, Sep 29, 2007 at 09:49:36PM -0600, Simon Timms wrote:
> > That makes a lot of sense, but I suppose I still don't understand why this isn't working. The handbook section on routing is pretty basic and it seems to come down to setting net.inet.ip.forwarding to 1 if you want to route packets between interfaces on a dual-homed host. I'm able to reach hosts on both subnets from the router and my routing table looks like:
> >
> > Internet:
> > Destination        Gateway            Flags    Refs      Use  Netif Expire
> > default            wireless           UGS         0     9905   sis0
> > localhost          localhost          UH          0      134    lo0
> > 192.168.1          link#1             UC          0        0   sis0
> > orinoco            00:d0:09:f8:f7:5a  UHLW        1      268    lo0
> > 192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1       87   sis0
> > 192.168.2          link#2             UC          0        0    rl0
> > 192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1       87    rl0
>
> Are your 192.168.2/24 machines configured to use 192.168.2.2 as their default router? They don't know where 192.168.1.2 is, because they don't see it as being on the same link. The subnet mask is used to determine this kind of reachability.
>
> You could probably use 192.168.1.2 as your default router, as long as you created a static route `route add 192.168.1/24 192.168.2.2', telling the system that to get to 192.168.1/24, the next-hop is 192.168.2.2. This seems needlessly complex when you can just configure 192.168.2.2 as your default router and skip the static route configuration all together.
>
> Regardless, bridging isn't going to help unless the host and the default router have the same subnet configurations.
>
> --
> Chris Cowart
> Lead Systems Administrator
> Network Infrastructure Services, RSSP-IT
> UC Berkeley
Re: Bridging interfaces
On Sat, Sep 29, 2007 at 09:49:36PM -0600, Simon Timms wrote:
> That makes a lot of sense, but I suppose I still don't understand why this isn't working. The handbook section on routing is pretty basic and it seems to come down to setting net.inet.ip.forwarding to 1 if you want to route packets between interfaces on a dual-homed host. I'm able to reach hosts on both subnets from the router and my routing table looks like:
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            wireless           UGS         0     9905   sis0
> localhost          localhost          UH          0      134    lo0
> 192.168.1          link#1             UC          0        0   sis0
> orinoco            00:d0:09:f8:f7:5a  UHLW        1      268    lo0
> 192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1       87   sis0
> 192.168.2          link#2             UC          0        0    rl0
> 192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1       87    rl0

Are your 192.168.2/24 machines configured to use 192.168.2.2 as their default router? They don't know where 192.168.1.2 is, because they don't see it as being on the same link. The subnet mask is used to determine this kind of reachability.

You could probably use 192.168.1.2 as your default router, as long as you created a static route `route add 192.168.1/24 192.168.2.2', telling the system that to get to 192.168.1/24, the next-hop is 192.168.2.2. This seems needlessly complex when you can just configure 192.168.2.2 as your default router and skip the static route configuration all together.

Regardless, bridging isn't going to help unless the host and the default router have the same subnet configurations.

--
Chris Cowart
Lead Systems Administrator
Network Infrastructure Services, RSSP-IT
UC Berkeley
Re: Bridging interfaces
That makes a lot of sense, but I suppose I still don't understand why this isn't working. The handbook section on routing is pretty basic and it seems to come down to setting net.inet.ip.forwarding to 1 if you want to route packets between interfaces on a dual-homed host. I'm able to reach hosts on both subnets from the router and my routing table looks like:

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            wireless           UGS         0     9905   sis0
    localhost          localhost          UH          0      134    lo0
    192.168.1          link#1             UC          0        0   sis0
    orinoco            00:d0:09:f8:f7:5a  UHLW        1      268    lo0
    192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1       87   sis0
    192.168.2          link#2             UC          0        0    rl0
    192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1       87    rl0

On 9/29/07, Christopher Cowart [EMAIL PROTECTED] wrote:
> On Sat, Sep 29, 2007 at 07:06:55PM -0600, Simon Timms wrote:
> > Hello,
> >
> > I seem to be having some trouble bridging interfaces in FreeBSD 6.2-STABLE. What I have are two interfaces
> >
> > rl0 - 192.168.2.2
> > sis0 - 192.168.1.2
> >
> > and a bridge I've set up following the pages in the handbook. However frames don't seem to be routed from one interface to the other. The internet gateway for the networks lives on 192.168.1.1 and I am able to reach the internet from boxes on the 192.168.1.0/24 subnet but not from the other. Tracing the route from a box on the 192.168.2.0/24 subnet the connection times out on the freebsd box, orinoco.
>
> A layer 2 bridge connects two physical network segments to create the illusion of a single layer 2 network. In general, you have a single IP subnet sitting on top of a layer 2 network. Think of a bridge as a 2-port ethernet switch.
>
> If you want a single layer 2 network, try readdressing the 192.168.2/24 side to be on the 192.168.1/24 subnet. If you need different subnets, you'll want to configure *routing* and not bridging (See: handbook/network-routing.html).
>
> Good luck,
>
> --
> Chris Cowart
> Lead Systems Administrator
> Network Infrastructure Services, RSSP-IT
> UC Berkeley
Re: Bridging interfaces
On Sat, Sep 29, 2007 at 07:06:55PM -0600, Simon Timms wrote:
> Hello,
>
> I seem to be having some trouble bridging interfaces in FreeBSD 6.2-STABLE. What I have are two interfaces
>
> rl0 - 192.168.2.2
> sis0 - 192.168.1.2
>
> and a bridge I've set up following the pages in the handbook. However frames don't seem to be routed from one interface to the other. The internet gateway for the networks lives on 192.168.1.1 and I am able to reach the internet from boxes on the 192.168.1.0/24 subnet but not from the other. Tracing the route from a box on the 192.168.2.0/24 subnet the connection times out on the freebsd box, orinoco.

A layer 2 bridge connects two physical network segments to create the illusion of a single layer 2 network. In general, you have a single IP subnet sitting on top of a layer 2 network. Think of a bridge as a 2-port ethernet switch.

If you want a single layer 2 network, try readdressing the 192.168.2/24 side to be on the 192.168.1/24 subnet. If you need different subnets, you'll want to configure *routing* and not bridging (See: handbook/network-routing.html).

Good luck,

--
Chris Cowart
Lead Systems Administrator
Network Infrastructure Services, RSSP-IT
UC Berkeley
Bridging and port mirroring
I've poked around on the web, but come up empty. And I find it hard to believe there's not a simple way to do this, if it hasn't been done before.

I've got a server with two nics configured for bridging and running bunches of ipfw rules. I'd like to add a 3rd NIC and have it mirror the 2nd NIC (so all traffic into and out of nic2 goes to nic3), so I can run an IDS on another server. Yes, I know that has the potential to overload nic3 if there is a lot of traffic going in and out of nic2, but that's not an issue for me.

Has anyone done this before, or know how to do this?

Thanks,
--Brian
Re: Bridging and port mirroring
On Sep 13, 2007, at 9:29 AM, Brian McCann wrote:
> I've got a server with two nics configured for bridging and running bunches of ipfw rules. I'd like to add a 3rd NIC and have it mirror the 2nd NIC (so all traffic into and out of nic2 goes to nic3), so I can run an IDS on another server. Yes, I know that has the potential to overload nic3 if there is a lot of traffic going in and out of nic2, but that's not an issue for me.
>
> Has anyone done this before, or know how to do this?

You might get some traction from the ipfw tee command, although that is intended for use together with a divert socket (ie, such as bouncing the packets through natd). Otherwise, try looking into the netgraph ng_tee node:

    DESCRIPTION
    The tee node type has a purpose similar to the tee(1) command. Tee nodes are useful for debugging or ``snooping'' on a connection between two netgraph nodes. Tee nodes have four hooks, right, left, right2left, and left2right. All data received on right is sent unmodified to both hooks left and right2left. Similarly, all data received on left is sent unmodified to both right and left2right.

--
-Chuck
Re: Bridging and port mirroring
On Thu, Sep 13, 2007 at 12:29:30PM -0400, Brian McCann wrote:
> I've poked around on the web, but come up empty. And I find it hard to believe there's not a simple way to do this, if it hasn't been done before.
>
> I've got a server with two nics configured for bridging and running bunches of ipfw rules. I'd like to add a 3rd NIC and have it mirror the 2nd NIC (so all traffic into and out of nic2 goes to nic3), so I can run an IDS on another server. Yes, I know that has the potential to overload nic3 if there is a lot of traffic going in and out of nic2, but that's not an issue for me.
>
> Has anyone done this before, or know how to do this?

Are you using if_bridge? If so, it supports creating span interfaces. It's easy to set up, and it almost does what you describe (instead of only showing traffic into/out of nic2, it's going to show all traffic on bridge0.)

Erik
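The span-port setup suggested in the message above, as an added example that is not from the thread: shell functions that print the ifconfig(8) commands, or the equivalent rc.conf lines, for an if_bridge bridge with a mirror port feeding an IDS sensor. The interface names em0, em1 and em2 are assumptions standing in for nic1, nic2 and nic3.

```shell
#!/bin/sh
# Added example: plan an if_bridge(4) bridge with a span (mirror) port.
# Interface names are hypothetical: em0/em1 are the bridged NICs, em2 is
# the NIC cabled to the IDS sensor. Nothing here changes the system; the
# functions only print what would be run or written.

# check_span_args BRIDGE SPAN MEMBER MEMBER...
# A span port only transmits copies of frames; the same interface cannot
# also be a bridge member, so reject that before printing anything.
check_span_args() {
    if [ "$#" -lt 4 ]; then
        echo "usage: BRIDGE SPAN MEMBER MEMBER..." >&2
        return 2
    fi
    _span=$2
    shift 2
    for _m in "$@"; do
        if [ "$_m" = "$_span" ]; then
            echo "error: $_span cannot be both a bridge member and the span port" >&2
            return 1
        fi
    done
    return 0
}

# span_bridge_cmds BRIDGE SPAN MEMBER MEMBER...
# Print the one-off ifconfig commands, in the order they should be run.
span_bridge_cmds() {
    check_span_args "$@" || return $?
    bridge=$1
    span=$2
    shift 2
    echo "ifconfig $bridge create"
    echo "ifconfig $bridge $(printf 'addm %s ' "$@")span $span up"
    for ifc in "$@" "$span"; do
        echo "ifconfig $ifc up"
    done
}

# span_bridge_rcconf BRIDGE SPAN MEMBER MEMBER...
# Print the /etc/rc.conf lines that make the same setup persistent.
span_bridge_rcconf() {
    check_span_args "$@" || return $?
    bridge=$1
    span=$2
    shift 2
    echo "cloned_interfaces=\"$bridge\""
    echo "ifconfig_$bridge=\"$(printf 'addm %s ' "$@")span $span up\""
    for ifc in "$@" "$span"; do
        echo "ifconfig_$ifc=\"up\""
    done
}

# Stand-alone demo with the hypothetical interface names.
span_bridge_cmds bridge0 em2 em0 em1
span_bridge_rcconf bridge0 em2 em0 em1
```

As the reply notes, the sensor behind the span port sees all traffic on bridge0, so any narrowing to nic2's traffic has to happen in the IDS or its capture filter.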
qemu, bridging, wifi, ip tunnels, etc
I have a qemu vm with w2k as the guest os. The vm is running on my desktop on which I am tracking -CURRENT. My desktop's network connection is wifi via an atheros card. I would like the w2k vm to be on the same network as the desktop, and get its ip via dhcp, etc.

It seems like wifi is not very friendly to casual bridging, so just

    ifconfig bridge0 addm tap0 addm ath0 up

seems to be out.

I was thinking of an ip tunnel (gif) from the desktop to a machine that is using wired ethernet. Then bridge the gif interface on the desktop with the tap interface from qemu and finally bridging the gif interface on the wired machine with its nic (vr).

uh, it seems sort of complicated. Anyone have any simpler suggestions, or suggestions more likely to work?

--
i'll unhook my oily pink mini-kimono, you kill him in honolulu
Re: Bridging with tap
Thanks for the reply. I followed the instructions in the handbook for ethernet bridging. In Freebsd 6.1 release you could compile the bridge and tap modules into the kernel, then enable ethernet bridging and actually bridge two interfaces using sysctl.conf. I found that this brought a tap interface up at startup. This did not automatically happen for me using 6.2 release. I have since discovered, however, that openvpn on startup brings up a tap interface, but of course at this point the sysctl.conf bridging entry had passed.

I have since discovered that bridge has been superseded by if_bridge and that I should be able to bridge the two interfaces using rc.conf. I have entered the correct command, but how do I know for sure that the two interfaces are bridged?

thanks in advance

- Original Message -
From: Lowell Gilbert [EMAIL PROTECTED]
To: Pete Jones [EMAIL PROTECTED]
Cc: FreeBSD-questions freebsd-questions@freebsd.org
Sent: Wednesday, May 02, 2007 12:56 AM
Subject: Re: Bridging with tap

Pete Jones [EMAIL PROTECTED] writes:

Does anyone know anything about ethernet bridging to a tap interface in Freebsd 6.2. I have compiled the bridge option and the tap device into the kernel, but the tap device has not appeared. I have tried this on a virtual machine and a separate box with the same results, yet it works with Freebsd 6.1. I used the same configuration in sysctl.conf for both 6.1 and 6.2. Has anyone had the same problem, or any other problems with tap not working?

tap devices don't appear until you try to use them. What are you actually trying that fails? My qemu-based testbed with a lot of tap devices has been working on -STABLE steadily since early in the 6.x lifetime (I haven't used it lately, but it definitely worked after 6.2 was released).
Re: Bridging with tap
Pete Jones [EMAIL PROTECTED] writes:

Does anyone know anything about ethernet bridging to a tap interface in Freebsd 6.2. I have compiled the bridge option and the tap device into the kernel, but the tap device has not appeared. I have tried this on a virtual machine and a separate box with the same results, yet it works with Freebsd 6.1. I used the same configuration in sysctl.conf for both 6.1 and 6.2. Has anyone had the same problem, or any other problems with tap not working?

tap devices don't appear until you try to use them. What are you actually trying that fails? My qemu-based testbed with a lot of tap devices has been working on -STABLE steadily since early in the 6.x lifetime (I haven't used it lately, but it definitely worked after 6.2 was released).
Bridging with tap
Does anyone know anything about ethernet bridging to a tap interface in Freebsd 6.2. I have compiled the bridge option and the tap device into the kernel, but the tap device has not appeared. I have tried this on a virtual machine and a separate box with the same results, yet it works with Freebsd 6.1. I used the same configuration in sysctl.conf for both 6.1 and 6.2. Has anyone had the same problem, or any other problems with tap not working?
Problem with OpenVPN and ethernet bridging
I'm trying to get my feet wet with an ethernet bridging setup under OpenVPN. I have two hosts on a 10.0.0.0/24 network that I want to connect: dl360 is the server, and t30 is the client. These hosts are resolvable by /etc/hosts. TLS seems to be working from certs I created at cacert.org.

The goal is to bridge the t30 client to the second ethernet NIC of the dl360 server. The client is assigned an IP from the bridged LAN correctly, but the client cannot ping the 172.16.16.1 IP on the server's ethernet interface. tcpdump shows traffic going out the tap0 interface on the client (ARP traffic, that is, trying to ARP for 172.16.16.1). tcpdump on the server's physical bge0 shows incoming traffic destined for UDP port 1194 on the server, but no traffic on the server's tap0 or bridge0 interfaces.

The OpenVPN docs, examples, and instructions are highly linux-centric, so I'm having to read between the lines a lot. Based on http://www.mired.org/home/mwm/papers/FreeBSD-OpenVPN-Bridging.html I am not assigning IPs to the server's tap and bridge interfaces, as that page claims that such is unnecessary under FreeBSD.

So my troubleshooting is focusing on the server side, since I can see that VPN traffic is reaching the public interface, but OpenVPN is not mapping that traffic onto the ethernet bridge.

For now, I am creating the tap and bridge interfaces manually. Despite having:

    openvpn_enable=YES
    openvpn_if=tap bridge

in /etc/rc.conf, I find that OpenVPN does not create the bridge interface. I am running this script by hand, followed by running /usr/local/etc/rc.d/openvpn start:

    ifconfig tap0 create
    ifconfig bridge0 create
    ifconfig bridge0 addm bge1 addm tap0 up

Here's ifconfig on the server:

    bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
            options=9bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM
            ether 00:08:02:a0:c6:9d
            inet 10.0.0.22 netmask 0xff00 broadcast 10.0.0.255
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    bge1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
            options=98VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM
            ether 00:08:02:a0:c6:9e
            inet 172.16.16.1 netmask 0xff00 broadcast 172.16.16.255
            media: Ethernet autoselect (none)
            status: no carrier
    lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384
            inet 127.0.0.1 netmask 0xff00
    tap0: flags=8942BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
            ether 00:bd:87:77:8b:00
            Opened by PID 49835
    bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
            ether b6:1d:6a:ae:be:a4
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
            member: tap0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
            member: bge1 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP

Here's the openvpn.conf on the server:

    local dl360
    port 1194
    proto udp
    dev tap0
    ca cacert.org.crt
    cert dl360.crt
    key dl360.key # This file should be kept secret
    dh dh1024.pem
    ifconfig-pool-persist ipp.txt
    server-bridge 172.16.16.1 255.255.255.0 172.16.16.50 172.16.16.100
    keepalive 10 120
    persist-key
    persist-tun
    status openvpn-status.log
    log openvpn.log
    verb 3

And here's the openvpn.conf on the client:

    client
    dev tap
    proto udp
    remote dl360 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca cacert.org.crt
    cert t30.crt
    key t30.key
    log-append openvpn.log
    verb 3

I have set net.inet.ip.forwarding to 1 on the server to ensure that packets are forwarded between interfaces.

What am I missing on the server side that's preventing me from pinging from 172.16.16.50 to 172.16.16.1?

The client is running 6.2-STABLE circa March 13, and the server is 7.0-CURRENT circa late April 21.

Thank you!

Jim
Re: Bridging console port to a telnet session
On Jan 17, 2007, at 11:00 AM, Kailas Ramasamy wrote:

Hi Mike, Thanks a lot. This is what I was looking for. -Kailas

On 1/17/07, Mike Meyer [EMAIL PROTECTED] wrote:

In [EMAIL PROTECTED], Kailas Ramasamy [EMAIL PROTECTED] typed:

Hi Mike, I read through fork() and exec() man pages but I couldn't find anything related to this. Basically, I want to launch a telnet session from a process and pass in /dev/console as stdin and stdout.

Well, you don't really need fork(), though fork() follows exec() so often that some OS's combine them into a single call. And I just noticed that if you do man exec, you get the shell's page - you want exec(3), to get the C calls. Anyway, the sequence is:

    Use open() to get an fd pointing at /dev/console.
    Use dup2() to copy that fd to stdin and stdout (and probably stderr).
    Use an exec() function to launch telnet.

mike

Thanks Kailas

On 1/16/07, Mike Meyer [EMAIL PROTECTED] wrote:

In [EMAIL PROTECTED], Kailas Ramasamy [EMAIL PROTECTED] typed:

Hi Mike, Yes, that's what I am planning but I want to do this dynamically. Do you know how to launch a telnet session from a process? How do I pass stdin and stdout to the telnet from a process?

See the fork() and exec() man pages.

mike

On 1/16/07, Mike Meyer [EMAIL PROTECTED] wrote:

In [EMAIL PROTECTED], Kailas Ramasamy [EMAIL PROTECTED] typed:

Hi, Within a FreeBSD system, I want to telnet to another system and bridge that session to the console port so that when a user connects to the system via console port, it is automatically redirected to other system for I have already established a telnet session.

What's wrong with simply leaving a telnet session running on the console, maybe with some support to relaunch it should it ever exit?

mike

-- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]

Kailas cross posted this to the questions@ list too. I gave a possible answer there.

-Garrett
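The open() / dup2() / exec() sequence from Mike Meyer's reply in this thread, as an added C example that is not part of the original messages. The names run_attached and selfcheck are assumptions, and the self-check uses a temporary file in place of /dev/console and sh in place of telnet so that it runs without a console device.

```c
/* Added example: attach a program's stdin/stdout/stderr to a device
 * with open() + dup2(), then exec it. Not code from the thread. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Fork, and in the child: open `path` read/write, copy that fd onto
 * fds 0, 1 and 2, then exec argv[0]. The parent waits for the child.
 * Returns the child's exit status, or -1 if fork/wait failed or the
 * child died on a signal. Child exit 126 means open/dup2 failed,
 * 127 means exec failed (the shell's conventions).
 */
int run_attached(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        int fd = open(path, O_RDWR);
        if (fd < 0)
            _exit(126);
        if (dup2(fd, STDIN_FILENO) < 0 ||
            dup2(fd, STDOUT_FILENO) < 0 ||
            dup2(fd, STDERR_FILENO) < 0)
            _exit(126);
        /* The original descriptor is not needed once copied;
         * do not leak it into the exec'd program. */
        if (fd > STDERR_FILENO)
            close(fd);
        execvp(argv[0], argv);
        _exit(127);             /* only reached if exec failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/*
 * Offline check: a temporary regular file stands in for /dev/console
 * and `sh -c 'echo attached'` stands in for telnet (both constructed
 * stand-ins). Returns 0 if the child's stdout landed in the file.
 */
int selfcheck(void)
{
    char path[] = "/tmp/run-attached-XXXXXX";
    char buf[64] = {0};
    char a0[] = "sh", a1[] = "-c", a2[] = "echo attached";
    char *argv[] = { a0, a1, a2, NULL };

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);

    int rc = run_attached(path, argv);

    FILE *f = fopen(path, "r");
    if (f != NULL) {
        if (fgets(buf, sizeof buf, f) == NULL)
            buf[0] = '\0';
        fclose(f);
    }
    unlink(path);
    return (rc == 0 && strcmp(buf, "attached\n") == 0) ? 0 : 1;
}

int main(int argc, char **argv)
{
    /* usage: prog <device> <command> [args...]
     * e.g. prog /dev/console telnet <host>  (needs access to the device) */
    if (argc >= 3)
        return run_attached(argv[1], &argv[2]);
    return selfcheck();
}
```

The parent keeps its own descriptors, so a supervising process can call run_attached() again when the session exits, which is the relaunch arrangement suggested earlier in the thread.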
DSL router bridging question
I've got a bit of an involved question about dsl and router config so hopefully I'm able to make this clear.

The situation I've got is, one dsl router w/ 4 inside ports, 8 routable IPs, 2 outside machines (FW and Email/Web), and a number of inside machines behind the firewall. Currently I've got one IP for the inside interface of the router and one for each outside machine. DHCP and NAT are turned off on the router, but BreakWater Firewall is set to ClearSailing and Safe Harbour is On. I couldn't find the setting for the Safe Harbour option. Router is Netopia-3000 model 3347NWG. It's currently set to PPP over Ethernet.

Ok, here's my issue, everything works fine from the inside, and machines behind the firewall can access the web server and the Internet, but it looks like the router is blocking all inbound connections. Does the router need to be in RFC-1483 Bridged Ethernet mode and have the firewall run PPPoE to sign in to BellSouth? And if this is the answer, will the web server or any other machines (with routable IPs) on the router's inside ports operate as expected?

I've looked at the handbook PPPoE info and it seems clear enough and there are a few sites with info on bridging the router, I'm looking for clarification before I start changing the current setup that bridging the router is what I want, that the router is transparent to the Internet, that is allowing all traffic in and out.

thanks, John.

-- John F Hoover [EMAIL PROTECTED]
RE: Bridging Firewall Machine Questions
Hi, thanks for the replies. As per Chuck's request, I've lamped together the output of the suggested commands and got the current kernel configuration and put them online for you to take a look at and see what you think.

    http://www.sisko.net/bridge/dmesg.txt
    http://www.sisko.net/bridge/kernconf.txt
    http://www.sisko.net/bridge/sysctl.txt
    http://www.sisko.net/bridge/vmstat.txt

And finally the actual ipfw rule set I'm using:

    http://www.sisko.net/bridge/ipfw.txt

Some interesting points as well that were raised. I'm currently using device polling in the kernel configuration, but I've never personally used interrupt coalescing or the fast-forwarding sysctl.

The rule set I have in ipfw (as above) isn't that strict or overly complicated. It basically just states traffic can get out and blocks some typical Trojan ports on internal machines. The bridge theoretically isn't to block traffic, traffic should be able to behave normally in and out of the network. However the bridge should give the ability to block typical ports and/or certain machine IPs if they're causing issues (DoS, etc.)

I also didn't know SMP could be slower, I thought FreeBSD 5.x had gone to great lengths to improve the SMP performance. Would it be better to just implement a more powerful single processor machine to do the bridging?

Dynamic rules do get generated (see ipfw rule set above) because FTP was having issues when I started to not keep-state, etc. However I'm still not overly sure that the rules I have are actually keepers as it were.

If you can give any more tips/advice with the information provided it'd be a great help! :)

-- Ian Kaney Mail: [EMAIL PROTECTED]
Bridging Firewall Machine Questions
Hi there. I wonder if somebody could help me with an issue I'm experiencing.

I've put together a bridging firewall using FreeBSD 5.X. The traffic routes through fine and presently I'm using IPFW, default policy is set to deny, with certain rules/ports allowed to pass through. The three interfaces that are being bridged are all gigabit speed. The server is using Intel/Broadcom gigabit network cards. The machine that is performing the bridging is a Dual Opteron 246 with 2GB memory.

The issue that I'm finding is that the CPU runs out of power when the links are being hit hard. The em0 (fibre) device in particular runs at about 6% consistently with normal traffic (~40Mbits/s) being pushed through the bridge. This means the machine would run out of CPU power when the link was being utilised at around ~650Mbits/s. Is this unavoidable or is this a symptom of more CPU power being required?

I've also had problems with the bridge running out of dynamic rules. I've raised them to silly figures however I'm always wary that if a machine had a Trojan or some other form of malware that attempted a DoS attack, the bridge would probably fall over after exhausting its dynamic rule count and cause more issues. Could this be fixed perhaps by setting the default policy of IPFW to accept, or do the dynamic rules get created anyway when bridging?

I've tried reading around the Internet and various manuals and what not but don't seem to be getting that far with things... I've also looked at perhaps upgrading to FreeBSD 6.X because that's got newer bridging code which might alleviate issues, or so I've heard?

I hope somebody can help. Thanks in advance to anybody who can give me a few pointers. Cheers.

-- Ian Kaney Mail: [EMAIL PROTECTED]
Re: Bridging Firewall Machine Questions
Ian Kaney wrote:

Hi there. I wonder if somebody could help me with an issue I'm experiencing.

You've asked an interesting question, but there's a lack of data (vmstat -i, dmesg, sysctl net). You might obtain better results by putting together some details, maybe as files in a directory being served by HTTP, and sending a link.

I've put together a bridging firewall using FreeBSD 5.X. The traffic routes through fine and presently I'm using IPFW, default policy is set to deny, with certain rules/ports allowed to pass through. The three interfaces that are being bridged are all gigabit speed. The server is using Intel/Broadcom gigabit network cards. The machine that is performing the bridging is a Dual Opteron 246 with 2GB memory. The issue that I'm finding is that the CPU runs out of power when the links are being hit hard. The em0 (fibre) device in particular runs at about 6% consistently with normal traffic (~40Mbits/s) being pushed through the bridge. This means the machine would run out of CPU power when the link was being utilised at around ~650Mbits/s. Is this unavoidable or is this a symptom of more CPU power being required?

Are the CPU's busy handling interrupts, in which case enabling interrupt coalescing (-link0 flag, depending on the NIC) or maybe using device polling might help? Have you tried enabling fast-forwarding sysctl? Or are you busy processing the traffic in your IPFW ruleset, in which case changing and optimizing your ruleset will likely remove the bottleneck you see. It's also possible that running the system in single-processor mode might actually behave better for this kind of workload, because you avoid all the SMP locking...

I've also had problems with the bridge running out of dynamic rules. I've raised them to silly figures however I'm always wary that if a machine had a Trojan or some other form of malware that attempted a DoS attack, the bridge would probably fall over after exhausting its dynamic rule count and cause more issues. Could this be fixed perhaps by setting the default policy of IPFW to accept, or do the dynamic rules get created anyway when bridging?

Dynamic rules shouldn't get created unless your ruleset tells IPFW to make them, or unless something like natd generates rules dynamically for active FTP traffic. It's entirely possible to replace dynamic rules with appropriate static rules for your most common types of traffic, which may be faster and avoid filling up the dynamic session table. For example, instead of doing pass tcp from me to any smtp keep-state:

    # outside SMTP to pi
    add pass tcp from any HIPORTS to PI 25 setup
    add pass tcp from PI 25 to any HIPORTS established

    # permit SMTP exchange between pi and pong
    add pass tcp from PI HIPORTS to PONG 25 setup
    add pass tcp from PONG 25 to PI HIPORTS established
    add pass tcp from PONG HIPORTS to PI 25 setup
    add pass tcp from PI 25 to PONG HIPORTS established

    # track SMTP from inside to outside and block SMTP from outside
    add pass log logamount 20 tcp from INET HIPORTS to any 25 setup
    add pass tcp from INET HIPORTS to any 25 established
    add unreach filter-prohib log tcp from any to INET 25

[ Where PI and PONG are macros which expand to the IP addresses of my external MX relay and the internal reader box, respectively, HIPORTS means 1024-65535, and INET refers to the internal network. ]

-- -Chuck
Re: Bridging Firewall Machine Questions
I've also had problems with the bridge running out of dynamic rules. I've raised them to silly figures however I'm always wary that if a machine had a Trojan or some other form of malware that attempted a DoS attack, the bridge would probably fall over after exhausting its dynamic rule count and cause

I believe other firewall solutions (iptable or ipchain, whatever is the newest) have rate limiting for specific kinds of traffic, so this should prevent DoS, but as far as I remember ipfw has no such feature.

Olivier
RE: Bridging a Cisco Trunk
Hi Peter and list,

I am unfortunately using 4.x - but it should work fine as far as my understanding is. I'm not sure why it isn't working, but if I bridge em0 and em1 (my two interfaces) the cisco switches can ping each other. The problem is that anything inside the vlan being trunked doesn't go through.

Now I have tried your setup below and created the vlans and bridged them, which didn't work, but I don't understand the need for the vlans to be created anyway. Surely I should be able to just transparently bridge any traffic that comes from the one side through to the other, and it should work fine? I don't need to communicate on the vlan, just bridge anything that comes through...

If I do have to add vlan0,vlan1 to a bridge that's also fine - but at the moment it's not working.

Thanks for the help
Dave

-Original Message-
From: Peter Wood [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 08:29 PM
To: Dave Raven
Cc: freebsd-questions@freebsd.org
Subject: Re: Bridging a Cisco Trunk

Dave,

I have two cisco switches, configured to put ports 2-6 on each of them into vlan 100. Then I have port 1 on both set to trunk between the two switches. If I have a device on port 2 on switch1 it can ping a device on port 2 on switch2.

I do this quite often, and it works very well on 6.0 for me. You haven't mentioned what version you're using, but I will assume you have if_bridge. If you don't and you're gonna use this machine a lot for bridging, I'd recommend moving to 6.0.

So presumably, you have two interfaces, plugged into the trunk port on each cisco. For argument's sake, we'll say you have an fxp0 and fxp1. So first step is you need to make sure these two interfaces are up, very important, if they aren't, then it won't work. It's easy to forget if you aren't assigning IP's to them. Remove polling if you don't have it compiled into the kernel, but again if you're gonna be bridging packets a lot, get it compiled in. It helps a lot.

    ifconfig_fxp0=up polling
    ifconfig_fxp1=up polling

Now create the vlans (and the bridge for later on).

    cloned_interfaces=vlan0 vlan1 bridge0
    ifconfig_vlan0=vlan 100 vlandev fxp0 up
    ifconfig_vlan1=vlan 100 vlandev fxp1 up

In the above please note the ups, if they aren't up then it won't bridge. Now setup the bridge, again noticing the up.

    ifconfig_bridge0=addm vlan0 addm vlan1 up

It should now be working, watch the kernel console and the cisco's logs to see if there are any mismatches or bridging loops. It also seems that you have to put the up at the end of these commands, it took an hour of debugging last night after I had put the up at the start of the ifconfig_vlan lines.

Give it a go, send a reply to both me and the list if you are still stuck,

Pete.

-- Peter Wood :: [EMAIL PROTECTED]
Bridging a Cisco Trunk
Hi all,

I have two cisco switches, configured to put ports 2-6 on each of them into vlan 100. Then I have port 1 on both set to trunk between the two switches. If I have a device on port 2 on switch1 it can ping a device on port 2 on switch2.

If I break the link between the two switches, and try to bridge that trunk with a freebsd box, I can't get it right. Does anyone have any specific advice? As I understand it I should just be able to bridge my two interfaces, I have created vlan100 interfaces bound to each though and bridged them as well just to be sure - neither option works... Any advice?

Thanks in advance
Dave

P.s. please copy me as I'm not on the list
Re: Bridging a Cisco Trunk
Dave,

I have two cisco switches, configured to put ports 2-6 on each of them into vlan 100. Then I have port 1 on both set to trunk between the two switches. If I have a device on port 2 on switch1 it can ping a device on port 2 on switch2.

I do this quite often, and it works very well on 6.0 for me. You haven't mentioned what version you're using, but I will assume you have if_bridge. If you don't and you're gonna use this machine a lot for bridging, I'd recommend moving to 6.0.

So presumably, you have two interfaces, plugged into the trunk port on each cisco. For argument's sake, we'll say you have an fxp0 and fxp1. So first step is you need to make sure these two interfaces are up, very important, if they aren't, then it won't work. It's easy to forget if you aren't assigning IP's to them. Remove polling if you don't have it compiled into the kernel, but again if you're gonna be bridging packets a lot, get it compiled in. It helps a lot.

    ifconfig_fxp0=up polling
    ifconfig_fxp1=up polling

Now create the vlans (and the bridge for later on).

    cloned_interfaces=vlan0 vlan1 bridge0
    ifconfig_vlan0=vlan 100 vlandev fxp0 up
    ifconfig_vlan1=vlan 100 vlandev fxp1 up

In the above please note the ups, if they aren't up then it won't bridge. Now setup the bridge, again noticing the up.

    ifconfig_bridge0=addm vlan0 addm vlan1 up

It should now be working, watch the kernel console and the cisco's logs to see if there are any mismatches or bridging loops. It also seems that you have to put the up at the end of these commands, it took an hour of debugging last night after I had put the up at the start of the ifconfig_vlan lines.

Give it a go, send a reply to both me and the list if you are still stuck,

Pete.

-- Peter Wood :: [EMAIL PROTECTED]
Re: Bridging a Cisco Trunk
--- Peter Wood [EMAIL PROTECTED] wrote:

Dave,

I have two cisco switches, configured to put ports 2-6 on each of them into vlan 100. Then I have port 1 on both set to trunk between the two switches. If I have a device on port 2 on switch1 it can ping a device on port 2 on switch2.

I do this quite often, and it works very well on 6.0 for me. You haven't mentioned what version you're using, but I will assume you have if_bridge. If you don't and you're gonna use this machine a lot for bridging, I'd recommend moving to 6.0.

So presumably, you have two interfaces, plugged into the trunk port on each cisco. For argument's sake, we'll say you have an fxp0 and fxp1. So first step is you need to make sure these two interfaces are up, very important, if they aren't, then it won't work. It's easy to forget if you aren't assigning IP's to them. Remove polling if you don't have it compiled into the kernel, but again if you're gonna be bridging packets a lot, get it compiled in. It helps a lot.

    ifconfig_fxp0=up polling
    ifconfig_fxp1=up polling

Here we go again with polling. If it helps a lot, did you ever think that maybe interrupt processing on the OS is broken? Because at best it should make a nominal difference. We've already established that FreeBSD doesn't properly account for CPU usage when polling, so what's a lot better about it?

fxp controllers are hard coded to interrupt a maximum of 6000 times per second, which on a modern CPU isn't going to make a noticeable difference. In fact 1000 HZ ticks per second probably has just as much overhead with all the other crap it has to do on each tick.

DragonflyBSD doesn't even support polling because it *should* be a waste of time (do you think that Matt Dillon is clueless also?). I'm really baffled by the lack of understanding of this subject by virtually everyone in FreeBSDland.

DT
Re: qemu and bridging
here is the solution: http://qemu.dad-answers.com/viewtopic.php?t=554

Jan ZACH wrote:

Hi, I'm configuring qemu. Everything works fine except networking between the bsd host and the qemu computer (I cannot ping from bsd to qemu and vice versa). Networking with other computers works fine. Am I missing anything in my configuration?

Thanks a lot
Jan

    bge0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
            options=1aTXCSUM,VLAN_MTU,VLAN_HWTAGGING
            inet 10.10.100.120 netmask 0xff00 broadcast 10.10.100.255
            ether 00:0f:1f:b9:ff:fb
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
    plip0: flags=108810POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT mtu 1500
    lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
            inet 127.0.0.1 netmask 0xff00
    tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
            ether 00:bd:98:a7:01:00
            Opened by PID 849

    Destination     Gateway            Flags  Refs    Use  Netif  Expire
    default         10.10.100.1        UGS       0  14167  bge0
    10.10.100/24    link#1             UC        0      0  bge0
    10.10.100.1     00:50:7f:25:2d:e0  UHLW      2      0  bge0   1183
    10.10.100.122   52:54:00:12:34:56  UHLW      1      1  bge0   1195   --- qemu computer
    localhost       localhost          UH        0    495  lo0

kldstat

    Id Refs Address    Size  Name
     4    1 0xc07c3000 4188  if_tap.ko
    16    1 0xc0821000 be20  kqemu.ko
    17    1 0xc082d000 9150  bridge.ko
    21    1 0xc1e44000 d000  ipfw.ko

    net.link.ether.bridge_cfg: bge0,tap0
    net.link.ether.bridge_ipfw: 0
    net.link.ether.bridge_ipf: 0
    net.link.ether.bridge.config: bge0,tap0
    net.link.ether.bridge.enable: 1
    net.link.ether.bridge.predict: 0
    net.link.ether.bridge.dropped: 0
    net.link.ether.bridge.packets: 11863
    net.link.ether.bridge.ipfw_collisions: 0
    net.link.ether.bridge.ipfw_drop: 0
    net.link.ether.bridge.copy: 0
    net.link.ether.bridge.ipfw: 0
    net.link.ether.bridge.ipf: 0
    net.link.ether.bridge.debug: 0
    net.link.ether.bridge.version: 031224
    net.link.gif.parallel_tunnels: 0
    net.link.gif.max_nesting: 1
    net.link.log_link_state_change: 1
    net.link.tap.debug: 0
    net.link.tap.user_open: 1

qemu option to run net: -net nic -net tap,ifname=tap0

qemu computer is running winxp with dhcp enabled
qemu and bridging
Hi,
I'm configuring qemu. Everything works fine except networking between the bsd host and the qemu computer (I cannot ping from bsd to qemu and vice versa). Networking with other computers works fine. Am I missing anything in my configuration?
Thanks a lot
Jan

bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
    inet 10.10.100.120 netmask 0xff00 broadcast 10.10.100.255
    ether 00:0f:1f:b9:ff:fb
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff00
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 00:bd:98:a7:01:00
    Opened by PID 849

Destination Gateway Flags Refs Use Netif Expire
default 10.10.100.1 UGS 0 14167 bge0
10.10.100/24 link#1 UC 0 0 bge0
10.10.100.100:50:7f:25:2d:e0 UHLW 2 0 bge0 1183
10.10.100.122 52:54:00:12:34:56 UHLW 1 1 bge0 1195 --- qemu computer
localhost localhost UH 0 495 lo0

kldstat
Id Refs Address Size Name
4 1 0xc07c3000 4188 if_tap.ko
16 1 0xc0821000 be20 kqemu.ko
17 1 0xc082d000 9150 bridge.ko
21 1 0xc1e44000 d000 ipfw.ko

net.link.ether.bridge_cfg: bge0,tap0
net.link.ether.bridge_ipfw: 0
net.link.ether.bridge_ipf: 0
net.link.ether.bridge.config: bge0,tap0
net.link.ether.bridge.enable: 1
net.link.ether.bridge.predict: 0
net.link.ether.bridge.dropped: 0
net.link.ether.bridge.packets: 11863
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.copy: 0
net.link.ether.bridge.ipfw: 0
net.link.ether.bridge.ipf: 0
net.link.ether.bridge.debug: 0
net.link.ether.bridge.version: 031224
net.link.gif.parallel_tunnels: 0
net.link.gif.max_nesting: 1
net.link.log_link_state_change: 1
net.link.tap.debug: 0
net.link.tap.user_open: 1

qemu option to run net: -net nic -net tap,ifname=tap0
qemu computer is running winxp with dhcp enabled
Bridging VLAN's
Hi all,

I've done some research on bridging vlans and can't get it right with FreeBSD bridge. What I want to do is bridge an undefined number of vlans through a BSD machine. For example. Vlan 10 from em0 out em1.

Now I can't create each vlan and bridge those, because you can't have a vlan10 bound to em0 and to em1, if you create different ones and bridge them the packet comes in on the right vlan but leaves tagged for the wrong one.

I read a cisco book that suggests you can bridge normally (just em0,em1) if you set the mtu to 1496, which didn't work. I also googled someone saying 1504 - also not working.

Does anyone have any advice?

Thanks
Dave
Bridging of virtual interface and sis0
Hi,

This what I would like to do ...

Switch -[sis0 bridge ngeth0.(mesh protocol).ath0] -wireless- [ath0.(mesh proto).ngeth0 bridge sis0] - switch

The above configuration should allow me to have layer 2 access from the switch to switch. It's either I'm doing something wrong or it is not possible...

If I replace the bridge functionality in each of the box with routing then it works. But this means that I have to configure each of the virtual interfaces and sis0 interfaces for each of the box and run routed (i.e. operating at layer 3 instead of layer 2).

I use the standard ng_bridge example to bridge

BRIDGE_IFACES=ngeth0 sis0
LOCAL_IFACE=sis0
...

So the question I have is will ng_bridge code work across virtual ethernet interface.

Thanks,
Huy
5.4 -- bridging, ipfw, dot1q
Okay, here's the situation. PLEASE let me know if there's a better place to ask. (isp@, kernel@, something)

I'm setting up a bridging firewall where the packets are passing through on dot1q trunks. The bridge works. Packet counts work (so I assume the bridge at least sees the packets).

Problem is, any reasonable rules (such as those which actually say to block traffic by ip or port or anything) aren't working at all. Not even logging counts. Setting the bridged flag doesn't seem to help.

My only guess is that ipfw doesn't have the brains to look beyond the VLAN tags. Is this the case? Is this supported under 4.x, or is there any way AT ALL that I can get this to work?

As a note, snort and trafshow and everything else work fine analyzing the bridge traffic, it seems only the kernel has an issue.

--
Of course she's gonna be upset! You're dealing with a woman here Dan, what the hell's wrong with you?
-S. Kennedy, 11/11/01

Dan Mahoney
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---
Re: 5.4 -- bridging, ipfw, dot1q
At 09:08 PM 8/11/2005, Dan Mahoney, System Admin wrote:
> Okay, here's the situation. PLEASE let me know if there's a better place to ask. (isp@, kernel@, something)
>
> I'm setting up a bridging firewall where the packets are passing through on dot1q trunks. The bridge works. Packet counts work (so I assume the bridge at least sees the packets).
>
> Problem is, any reasonable rules (such as those which actually say to block traffic by ip or port or anything) aren't working at all. Not even logging counts. Setting the bridged flag doesn't seem to help.

Which bridged flag would that be?

> My only guess is that ipfw doesn't have the brains to look beyond the VLAN tags. Is this the case? Is this supported under 4.x, or is there any way AT ALL that I can get this to work?

What version are you using? You mention 4.x here, but your subject line suggests 5.4.

> As a note, snort and trafshow and everything else work fine analyzing the bridge traffic, it seems only the kernel has an issue.

Do you have the net.link.ether.bridge_ipfw sysctl set to 1?

-Glenn

> --
> Of course she's gonna be upset! You're dealing with a woman here Dan, what the hell's wrong with you?
> -S. Kennedy, 11/11/01
>
> Dan Mahoney
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---
Re: 5.4 -- bridging, ipfw, dot1q
On Thu, 11 Aug 2005, Glenn Dawson wrote:
> At 09:08 PM 8/11/2005, Dan Mahoney, System Admin wrote:
> > Okay, here's the situation. PLEASE let me know if there's a better place to ask. (isp@, kernel@, something)
> >
> > I'm setting up a bridging firewall where the packets are passing through on dot1q trunks. The bridge works. Packet counts work (so I assume the bridge at least sees the packets).
> >
> > Problem is, any reasonable rules (such as those which actually say to block traffic by ip or port or anything) aren't working at all. Not even logging counts. Setting the bridged flag doesn't seem to help.
>
> Which bridged flag would that be?

In the ipfw rule in question (which the ipfw command turns into layer2) i.e.

fw# ipfw add 310 count ip from any to 56.199.242.178 bridged
00310 count ip from any to 56.199.242.178 layer2
fw# ipfw show
00200 0 0 deny udp from any to any dst-port 1433
0030097147200 deny tcp from any to any dst-port 1433
00310 0 0 count ip from any to 56.199.242.178 layer2
00330 144629234 70747652177 count ip from any to any layer2
00340 0 0 count ip from any to 56.199.242.82 layer2
003501146497505249814 count ip from any to 55.125.224.0/19 via em1
00360 154009046 73153382415 allow log logamount 100 ip from any to any
65535 1078777549 484619628567 allow ip from any to any

(such a rule would report zero traffic, even when trafshow, snort, tcpdump all show there's a ton).

> > My only guess is that ipfw doesn't have the brains to look beyond the VLAN tags. Is this the case? Is this supported under 4.x, or is there any way AT ALL that I can get this to work?
>
> What version are you using? You mention 4.x here, but your subject line suggests 5.4.

Yes, I'm running 5.4, but asking if it may have been supported earlier on in the OS (with ipfw1 -- since I know it lacks the ability to even really do many mac-like things).

> > As a note, snort and trafshow and everything else work fine analyzing the bridge traffic, it seems only the kernel has an issue.
>
> Do you have the net.link.ether.bridge_ipfw sysctl set to 1?

fw# sysctl -a|grep net|grep ipfw
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.ipfw_collisions: 1021
net.link.ether.bridge_ipfw: 1
net.link.ether.ipfw: 0

Need anything else?

-Dan

--
The first annual 5th of July party...have you been invited? It's a Jack Party. Okay, so Long Island's been invited.
--Cali and Gushi, 6/23/02

Dan Mahoney
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---
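Dan's guess in this thread, that a filter which does not look beyond the VLAN tag never reaches the IP header, can be shown on constructed frames. This is an added example, not code from the thread and not ipfw's own logic; the frame builder, MAC addresses, source address and VLAN IDs 10 and 20 are constructed, and only the destination 56.199.242.178 comes from the posted rule.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100    # 802.1Q tag protocol identifier (TPID)
VLAN_TAG_LEN = 4           # TPID (2 bytes) + TCI (2 bytes)
TARGET = "56.199.242.178"  # destination used in the rule posted above


def build_frame(dst_ip, vlan_ids=()):
    """Build a constructed Ethernet frame carrying a bare 20-byte IPv4 header."""
    # Constructed, locally administered destination and source MACs.
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        # TCI with priority 0, DEI 0 and a 12-bit VLAN ID.
        frame += struct.pack("!HH", ETHERTYPE_VLAN, vid & 0x0FFF)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, 6, 0,      # IPv4, IHL 5, length 20, TTL 64, TCP
        socket.inet_aton("192.0.2.10"),   # constructed source address
        socket.inet_aton(dst_ip),
    )
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + ip_header


def parse_frame(frame, skip_vlan_tags):
    """Return (vlan_ids, ipv4_dst); ipv4_dst is None if no IPv4 header is found.

    With skip_vlan_tags=False the EtherType at byte offset 12 is taken at face
    value, so a tagged frame (0x8100 there) is classified as non-IP.
    """
    offset, vlan_ids = 12, []
    while True:
        if len(frame) < offset + 2:
            return vlan_ids, None              # truncated before the EtherType
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if not (skip_vlan_tags and ethertype == ETHERTYPE_VLAN):
            break
        if len(frame) < offset + VLAN_TAG_LEN:
            return vlan_ids, None              # truncated inside the tag
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)
        offset += VLAN_TAG_LEN
    ip_off = offset + 2
    if ethertype != ETHERTYPE_IPV4 or len(frame) < ip_off + 20:
        return vlan_ids, None
    if frame[ip_off] >> 4 != 4:
        return vlan_ids, None                  # not an IPv4 header
    return vlan_ids, socket.inet_ntoa(frame[ip_off + 16:ip_off + 20])


def count_rule_hits(frames, target_ip, skip_vlan_tags):
    """Model a 'count ip from any to <target_ip>' rule over a list of frames."""
    return sum(1 for f in frames if parse_frame(f, skip_vlan_tags)[1] == target_ip)


# Constructed traffic: one untagged frame, one tagged, one double-tagged,
# and one tagged frame to an unrelated destination.
SAMPLE_FRAMES = [
    build_frame(TARGET),
    build_frame(TARGET, (10,)),
    build_frame(TARGET, (10, 20)),
    build_frame("198.51.100.7", (10,)),
]

if __name__ == "__main__":
    print("hits without tag handling:", count_rule_hits(SAMPLE_FRAMES, TARGET, False))
    print("hits with tag handling:   ", count_rule_hits(SAMPLE_FRAMES, TARGET, True))
```

On a trunk where every frame is tagged, the first counter stays at zero while a sniffer that decodes 802.1Q still shows the traffic, which matches the symptom described in the thread.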
Re: bridging
Sushubh [EMAIL PROTECTED] writes:
> I am going to install FreeBSD on a machine we plan to make a server. Now, we have 2 lines of internet coming to our place through 2 separate lan modems. I want the server to take these 2 lines and combine the speeds to form a single line which can be used by our lan to access the internet.
>
> I have got 3 lan cards on the linux machine. 2 for the incoming connections from the 2 lan modems which have the gateways 192.168.1.1 and 192.168.1.100. How do I go ahead with making my server a gateway offering combined bandwidth to our lan?

I'm not sure I understand your message, but: How do you do it with the Linux machine?
Re: bridging
there is a bridge software in linux which can do that... http://bridge.sourceforge.com

On 20 Jul 2005 09:38:22 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote:
> Sushubh [EMAIL PROTECTED] writes:
> > I am going to install FreeBSD on a machine we plan to make a server. Now, we have 2 lines of internet coming to our place through 2 separate lan modems. I want the server to take these 2 lines and combine the speeds to form a single line which can be used by our lan to access the internet.
> >
> > I have got 3 lan cards on the linux machine. 2 for the incoming connections from the 2 lan modems which have the gateways 192.168.1.1 and 192.168.1.100. How do I go ahead with making my server a gateway offering combined bandwidth to our lan?
>
> I'm not sure I understand your message, but: How do you do it with the Linux machine?
Re: bridging
Don't top-post, please.

> On 20 Jul 2005 09:38:22 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote:
> > Sushubh [EMAIL PROTECTED] writes:
> > > I am going to install FreeBSD on a machine we plan to make a server. Now, we have 2 lines of internet coming to our place through 2 separate lan modems. I want the server to take these 2 lines and combine the speeds to form a single line which can be used by our lan to access the internet.
> > >
> > > I have got 3 lan cards on the linux machine. 2 for the incoming connections from the 2 lan modems which have the gateways 192.168.1.1 and 192.168.1.100. How do I go ahead with making my server a gateway offering combined bandwidth to our lan?
> >
> > I'm not sure I understand your message, but: How do you do it with the Linux machine?

Sushubh [EMAIL PROTECTED] writes:
> there is a bridge software in linux which can do that... http://bridge.sourceforge.net

That doesn't do what you described. That's just regular bridging, to connect two links into a single subnet. FreeBSD can do that quite well (there's a whole chapter titled bridging in the FreeBSD Handbook), but it doesn't have anything to do with load balancing across the two links, which is what you said you were after.
Re: bridging
Lowell Gilbert wrote:
> Don't top-post, please.
>
> > On 20 Jul 2005 09:38:22 -0400, Lowell Gilbert [EMAIL PROTECTED] wrote:
> > > Sushubh [EMAIL PROTECTED] writes:
> > > > I am going to install FreeBSD on a machine we plan to make a server. Now, we have 2 lines of internet coming to our place through 2 separate lan modems. I want the server to take these 2 lines and combine the speeds to form a single line which can be used by our lan to access the internet.
> > > >
> > > > I have got 3 lan cards on the linux machine. 2 for the incoming connections from the 2 lan modems which have the gateways 192.168.1.1 and 192.168.1.100. How do I go ahead with making my server a gateway offering combined bandwidth to our lan?
> > >
> > > I'm not sure I understand your message, but: How do you do it with the Linux machine?
>
> Sushubh [EMAIL PROTECTED] writes:
> > there is a bridge software in linux which can do that... http://bridge.sourceforge.net
>
> That doesn't do what you described. That's just regular bridging, to connect two links into a single subnet. FreeBSD can do that quite well (there's a whole chapter titled bridging in the FreeBSD Handbook), but it doesn't have anything to do with load balancing across the two links, which is what you said you were after.

I think Lowell is right; bridging is not routing and is not going to load balance your ISP links.

Even if you figure out how to make FreeBSD route your outbound traffic as if the two lines were one, it cannot really work unless both lines go to the same ISP router and they cooperate with you. They'd have to configure their router to treat the two lines as one, to load balance your inbound traffic.

For example, we have multiple ISP links (one fiber optic and two T-1 lines) all from the same ISP. The two T-1 lines are configured with load balancing to effectively form a combined 3 Mbps link (but this is done with Cisco IOS, not FreeBSD).

Even though they all go into the same router on our end, the two T-1 lines cannot be load balanced with the fiber link because the fiber and T-1 lines end in two different ISP routers on the far side (actually in two different POPs). So, we just have the ISP router configured to use the fiber if it's up, or to use the combined T-1's if fiber goes down.

--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
gregb at scls.lib.wi.us, (608) 266-6348
bridging
I am going to install FreeBSD on a machine we plan to make a server. Now, we have 2 lines of internet coming to our place through 2 separate lan modems. I want the server to take these 2 lines and combine the speeds to form a single line which can be used by our lan to access the internet.

I have got 3 lan cards on the linux machine. 2 for the incoming connections from the 2 lan modems which have the gateways 192.168.1.1 and 192.168.1.100. How do I go ahead with making my server a gateway offering combined bandwidth to our lan?
Bridging and IPFW
I'm not so sure about your case. But as far as I know, all coming traffics catch the first rule ( as you stated .. any MAC any) before the second one so only the counter of the first rule is incremented. No more for the second rule.
pjn

Yes and no. In any case, I have tried assigning them different rule numbers but it doesn't change anything. Second one still doesn't get looked at.
George
Bridging and IPFW
Hey guys, hope I posted this to the right list!

I recently installed version 5.4 on a computer that acts as a gateway/firewall/bridge for a LAN. There are 30 or so computers sitting behind interface rl1 which has no IP address assigned. rl1 is bridged to rl0 which is the external interface and which has all the proper IP's assigned.

The bridge is functioning perfectly but the problem comes when I try to filter - using ipfw - by MAC address. Here are the relevant sysctl variables ( hope I set them all! )

net.link.ether.bridge.enable: 1
net.link.ether.bridge.config: rl0:0,rl1:0
net.link.ether.bridge_ipfw: 1
net.link.ether.ipfw: 1

According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!

$IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
$IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any

The problem is that I am getting hits on only ONE of these rules and that's the first one. Nothing hits the second one! In total I have 3 rules - these two and the last one which is allow ip from any to any

So it looks like this:

00010142169205532194 allow ip from any to any MAC any 00:0e:a6:02:4d:a4
00010 0 0 allow ip from any to any MAC 00:0e:a6:02:4d:a4 any
65535 194369376 164135836653 allow ip from any to any

I have tried adding various other options, like in via rl1, out via rl1, bridged, etc to no avail. Second rule isn't hit by anything! Theoretically, it should be - if I add rule #20 that says deny ip from any to any, my computer can no longer pass through the gateway although my MAC is listed in rule #10.

I really am at a loss of ideas as to what might be causing this, especially since I already did this one and it worked fine on 4.10. Any input would be appreciated.

Thanks!
George
Re: Bridging and IPFW
On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> ...
> According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
>
> $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
> $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any

Is it intentional that both rules have the same number, 10?

--
Dmitry
We live less by imagination than despite it - Rockwell Kent, N by E
RE: Bridging and IPFW
Yes and no. In any case, I have tried assigning them different rule numbers but it doesn't change anything. Second one still doesn't get looked at.

George

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitry Mityugov
Sent: Wednesday, June 01, 2005 11:43 AM
To: George Breahna
Cc: freebsd-questions@freebsd.org
Subject: Re: Bridging and IPFW

On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> ...
> According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
>
> $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
> $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any

Is it intentional that both rules have the same number, 10?

--
Dmitry
We live less by imagination than despite it - Rockwell Kent, N by E
Re: Bridging and IPFW
> On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> > ..
> > According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
> >
> > $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
> > $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any
>
> Is it intentional that both rules have the same number, 10?
> --

Not entirely sure, but will setting the sysctl net.inet.ip.fw.one_pass to 0 help?
RE: Bridging and IPFW
Tried that one myself, but I tried it again. No impact whatsoever!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin House
Sent: Wednesday, June 01, 2005 3:27 PM
To: George Breahna
Cc: freebsd-questions@freebsd.org
Subject: Re: Bridging and IPFW

> On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> > ..
> > According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
> >
> > $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
> > $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any
>
> Is it intentional that both rules have the same number, 10?
> --

Not entirely sure, but will setting the sysctl net.inet.ip.fw.one_pass to 0 help?
Re: tap interface, bridging and freebsd 5.3
Thank you for your answers ...

Ruben, just a question. How could I check if my tap device works great or not? I've already tried unlucky with tcpdump: I see nothing, even if the tap0 is in promiscuous mode. Could you help my troubleshooting?

Thanks for your support
Regards
Andrea
Re: tap interface, bridging and freebsd 5.3
Andrea Riela wrote:
> Hi folks, I would test openvpn with bridging options, then I need a tap interface. I've compiled my kernel with device tap then 'kldload if_tap' via command line

These are mutually exclusive: either you compile your kernel with tap or you load it as a module, not both.

> but I don't see a tap interface in /dev or with ifconfig ...

You won't see any network interface in /dev; just run ifconfig -a and check: you won't find any of the listed devices in /dev.

> Obviously:
> tcpdump -i tap0
> tcpdump: BIOCSETIF: tap0: Device not configured

taps will come up when some program activates it. Once you have openvpn correctly running, you'll see tap0 in ifconfig's output and you'll be able to run tcpdump against it.

bye
av.
Re: tap interface, bridging and freebsd 5.3
On Mon, Feb 28, 2005 at 12:18:55PM +0100, Andrea Venturoli typed:
> Andrea Riela wrote:
> > but I don't see a tap interface in /dev or with ifconfig ...
>
> You won't see any network interface in /dev; just run ifconfig -a and check: you won't find any of the listed devices in /dev.

That's right; they live in /dev/net/ :

ifconfig -l
rl0 plip0 lo0 tun0 ppp0
ls -l /dev/net
total 0
crw--- 1 root wheel 253, 3 Feb 12 07:23 lo0
crw--- 1 root wheel 253, 2 Feb 12 07:23 plip0
crw--- 1 root wheel 253, 5 Feb 12 07:23 ppp0
crw--- 1 root wheel 253, 1 Feb 12 07:23 rl0
crw--- 1 root wheel 253, 4 Feb 12 07:23 tun0

Ruben
Re: tap interface, bridging and freebsd 5.3
Ruben de Groot wrote:
> On Mon, Feb 28, 2005 at 12:18:55PM +0100, Andrea Venturoli typed:
> > Andrea Riela wrote:
> > > but I don't see a tap interface in /dev or with ifconfig ...
> >
> > You won't see any network interface in /dev; just run ifconfig -a and check: you won't find any of the listed devices in /dev.
>
> That's right; they live in /dev/net/ :

Nice to know :) Is this new to 5.x? I don't see them in a 4.11 system...

bye Thanks
av.
tap interface, bridging and freebsd 5.3
Hi folks,

I would test openvpn with bridging options, then I need a tap interface. I've compiled my kernel with device tap then 'kldload if_tap' via command line, but I don't see a tap interface in /dev or with ifconfig ...

Obviously:

tcpdump -i tap0
tcpdump: BIOCSETIF: tap0: Device not configured

Could you help me?

Thank you very much
Regards
Andrea
Re: wireless-to-wired bridging
Not so much a Microsoft thing as a general networking thing. I would like for netbios traffic to work correctly for windows file sharing/samba, as well as broadcast LAN traffic for gaming and the like. I _could_ alter bridge.c to always return a copy of the packet to the caller, but that would just be a quick hack and I don't even know if it would work. Dummynet works on the IP level, so it wouldn't solve my problem. Else I'd jump all over it. =(

On 2/13/2005, Lowell Gilbert [EMAIL PROTECTED] wrote:
> Reid Linnemann [EMAIL PROTECTED] writes:
> > I'm bridging the devices so that the wired and wireless nets will appear to be on the same physical network to each other.
>
> Well, yes, that's what bridging means. Why do you want that? [Is it a Microsoft thing?]
>
> > I think I was really tired when I wrote my original email.. so let me rewrite my hypothesis:
> >
> > I am suspicious that, since the wireless interface on the BSD machine operates in AP mode, if a wireless client wants to send a packet to another wireless client, it must be first sent to the wireless interface of the BSD machine, which should theoretically redirect the packet to the appropriate host on the wireless net. In the wired network, a switch handles this case automagically on the datalink layer before any messages can hit the rl1 interface of the BSD router. I've looked at the bridge code, and it seems that unless a packet is multicast or broadcast it will be copied to the other bridged interfaces but not returned to the original caller. Since the packets being sent from one wireless client to another are not broadcast, I think that the bridge module may be dumping them into the black hole of the wired LAN, and they are not being processed and pumped back out through the ath interface. Is this a correct assumption? Are there ways I can overcome this problem?
>
> On a quick look, I think you might be on the right track. The bridging code seems in a number of spots to be built specifically for Ethernet. I have always maintained that bridging unlike media was a hack bound for problems... You might have more success using dummynet for bridging rather than trying to fix things in the protocol stack.
>
> Good luck.
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/
Re: wireless-to-wired bridging
On 2/13/2005, Lowell Gilbert [EMAIL PROTECTED] wrote:
> On a quick look, I think you might be on the right track. The bridging code seems in a number of spots to be built specifically for Ethernet. I have always maintained that bridging unlike media was a hack bound for problems... You might have more success using dummynet for bridging rather than trying to fix things in the protocol stack.
>
> Good luck.
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
> http://be-well.ilk.org/~lowell/

Yeah, I can definitely see that. After a little more thinking and grokking of the code I realized that my theory is (most likely) wrong. I am stumped for now, but I'm going to try to solve the problem.
Re: wireless-to-wired bridging
Reid Linnemann [EMAIL PROTECTED] writes:
> I'm bridging the devices so that the wired and wireless nets will appear to be on the same physical network to each other.

Well, yes, that's what bridging means. Why do you want that? [Is it a Microsoft thing?]

> I think I was really tired when I wrote my original email.. so let me rewrite my hypothesis:
>
> I am suspicious that, since the wireless interface on the BSD machine operates in AP mode, if a wireless client wants to send a packet to another wireless client, it must be first sent to the wireless interface of the BSD machine, which should theoretically redirect the packet to the appropriate host on the wireless net. In the wired network, a switch handles this case automagically on the datalink layer before any messages can hit the rl1 interface of the BSD router. I've looked at the bridge code, and it seems that unless a packet is multicast or broadcast it will be copied to the other bridged interfaces but not returned to the original caller. Since the packets being sent from one wireless client to another are not broadcast, I think that the bridge module may be dumping them into the black hole of the wired LAN, and they are not being processed and pumped back out through the ath interface. Is this a correct assumption? Are there ways I can overcome this problem?

On a quick look, I think you might be on the right track. The bridging code seems in a number of spots to be built specifically for Ethernet. I have always maintained that bridging unlike media was a hack bound for problems... You might have more success using dummynet for bridging rather than trying to fix things in the protocol stack.

Good luck.
--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: wireless-to-wired bridging
Reid Linnemann [EMAIL PROTECTED] writes: I have a question that is more of a networking question than a BSD question, but I am hoping someone out there has faced this same dilemma before and has some advice: I have a FreeBSD machine running -current that servers as a router for my home LAN, using nat. I recently tossed in a DLink DWL-G520 wireless card (ath0), and bridged that interface to the internal LAN interface on the machine (rl1). After a bit of configurating, I had the ath interface in hostap mode, and everything was working great - except the wired clients cannot route to eachother. I am suspicious that, since the wired network is in AP mode, if a wireless client wants to send a packet to another wireless client, it must be sent to the AP, which should theoretically redirect the packet to the appropriate host on the wireless net. In the wired network, a switch handles this automagically on the datalink layer without those messages hitting the rl1 interface of the BSD router. I've looked at the bridge code, and it seems that unless a packet is multicast or broadcast it will be copied to the other bridge interfaces but not returned to the original caller. Since the packets being sent between wireless clients are not broadcast, I think they are getting dumped into the black hole of the wired LAN, and not being processed and pumped back out through the ath interface. Is this a correct assumption? Are there ways I can overcome this problem? I think that you mixed up the terms wired and wireless in some (but not all) of the uses above. This makes it somewhat harder to follow the problem. I would actually suggest that you make the wireless link a separate subnet from the Ethernets. 802.11 really is a different protocol than 802.1, and I don't think you'll get any performance benefit from bridging in this case. 
Re: wireless-to-wired bridging
On 2/11/2005, Lowell Gilbert [EMAIL PROTECTED] wrote: Reid Linnemann [EMAIL PROTECTED] writes: I have a question that is more of a networking question than a BSD question, but I am hoping someone out there has faced this same dilemma before and has some advice: I have a FreeBSD machine running -current that servers as a router for my home LAN, using nat. I recently tossed in a DLink DWL-G520 wireless card (ath0), and bridged that interface to the internal LAN interface on the machine (rl1). After a bit of configurating, I had the ath interface in hostap mode, and everything was working great - except the wired clients cannot route to eachother. I am suspicious that, since the wired network is in AP mode, if a wireless client wants to send a packet to another wireless client, it must be sent to the AP, which should theoretically redirect the packet to the appropriate host on the wireless net. In the wired network, a switch handles this automagically on the datalink layer without those messages hitting the rl1 interface of the BSD router. I've looked at the bridge code, and it seems that unless a packet is multicast or broadcast it will be copied to the other bridge interfaces but not returned to the original caller. Since the packets being sent between wireless clients are not broadcast, I think they are getting dumped into the black hole of the wired LAN, and not being processed and pumped back out through the ath interface. Is this a correct assumption? Are there ways I can overcome this problem? I think that you mixed up the terms wired and wireless in some (but not all) of the uses above. This makes it somewhat harder to follow the problem. I would actually suggest that you make the wireless link a separate subnet from the Ethernets. 802.11 really is a different protocol than 802.1, and I don't think you'll get any performance benefit from bridging in this case. 
I'm bridging the devices so that the wired and wireless nets will appear to be on the same physical network to each other.

I think I was really tired when I wrote my original email.. so let me rewrite my hypothesis:

I am suspicious that, since the wireless interface on the BSD machine operates in AP mode, if a wireless client wants to send a packet to another wireless client, it must be first sent to the wireless interface of the BSD machine, which should theoretically redirect the packet to the appropriate host on the wireless net. In the wired network, a switch handles this case automagically on the datalink layer before any messages can hit the rl1 interface of the BSD router. I've looked at the bridge code, and it seems that unless a packet is multicast or broadcast it will be copied to the other bridged interfaces but not returned to the original caller. Since the packets being sent from one wireless client to another are not broadcast, I think that the bridge module may be dumping them into the black hole of the wired LAN, and they are not being processed and pumped back out through the ath interface.

Is this a correct assumption? Are there ways I can overcome this problem?
wireless-to-wired bridging
I have a question that is more of a networking question than a BSD question, but I am hoping someone out there has faced this same dilemma before and has some advice:

I have a FreeBSD machine running -current that serves as a router for my home LAN, using nat. I recently tossed in a DLink DWL-G520 wireless card (ath0), and bridged that interface to the internal LAN interface on the machine (rl1). After a bit of configurating, I had the ath interface in hostap mode, and everything was working great - except the wired clients cannot route to each other.

I am suspicious that, since the wired network is in AP mode, if a wireless client wants to send a packet to another wireless client, it must be sent to the AP, which should theoretically redirect the packet to the appropriate host on the wireless net. In the wired network, a switch handles this automagically on the datalink layer without those messages hitting the rl1 interface of the BSD router. I've looked at the bridge code, and it seems that unless a packet is multicast or broadcast it will be copied to the other bridge interfaces but not returned to the original caller. Since the packets being sent between wireless clients are not broadcast, I think they are getting dumped into the black hole of the wired LAN, and not being processed and pumped back out through the ath interface.

Is this a correct assumption? Are there ways I can overcome this problem?

Thanks,
Reid
Re: wireless-to-wired bridging
RL I have a question that is more of a networking question than a BSD
RL question, but I am hoping someone out there has faced this same dilemma
RL before and has some advice:
RL I have a FreeBSD machine running -current that serves as a router for my
RL home LAN, using nat. I recently tossed in a DLink DWL-G520 wireless card
RL (ath0), and bridged that interface to the internal LAN interface on the
RL machine (rl1). After a bit of configurating, I had the ath interface in
RL hostap mode, and everything was working great - except the wired clients
RL cannot route to each other.
RL I am suspicious that, since the wired network is in AP mode, if a
RL wireless client wants to send a packet to another wireless client, it
RL must be sent to the AP, which should theoretically redirect the packet
RL to the appropriate host on the wireless net. In the wired network, a
RL switch handles this automagically on the datalink layer without those
RL messages hitting the rl1 interface of the BSD router. I've looked at
RL the bridge code, and it seems that unless a packet is multicast or
RL broadcast it will be copied to the other bridge interfaces but not
RL returned to the original caller. Since the packets being sent between
RL wireless clients are not broadcast, I think they are getting dumped into
RL the black hole of the wired LAN, and not being processed and pumped back
RL out through the ath interface. Is this a correct assumption? Are there
RL ways I can overcome this problem?
RL Thanks,
RL Reid

I can not really follow your train of thought :( What do you want to send to whom and what does not function?

Regards
Hexren
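The forwarding rule discussed in this thread (a unicast frame is copied to the other bridged interfaces but never sent back out the interface it arrived on) can be modelled with a textbook learning bridge. This is an added example, not code from the thread or from FreeBSD's bridge; the port names ath0 and rl1 come from the post, and the MAC addresses are constructed.

```python
"""Textbook transparent (learning) bridge, for illustration only.

Not FreeBSD's bridge code. Ports ath0/rl1 are taken from the thread;
all MAC addresses below are constructed sample values.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac):
    """True for broadcast/multicast: lowest bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the list of ports the frame is transmitted on."""
        if in_port not in self.ports:
            raise ValueError("unknown port: " + in_port)
        if not is_group(src):
            self.table[src] = in_port      # learn where the sender lives
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return others                  # flood, but never back to in_port
        out = self.table.get(dst)
        if out is None:
            return others                  # unknown unicast: flood the rest
        if out == in_port:
            return []                      # same segment: bridge filters it
        return [out]                       # known unicast on another port


def scenario():
    """Two wireless stations behind ath0, one wired station behind rl1."""
    wifi_a = "02:00:00:00:00:0a"   # constructed
    wifi_b = "02:00:00:00:00:0b"   # constructed
    wired_c = "02:00:00:00:00:0c"  # constructed
    br = LearningBridge(["ath0", "rl1"])
    result = {}
    # B has not been seen yet: the frame is flooded to the wired side only.
    result["a_to_b_unknown"] = br.forward("ath0", wifi_a, wifi_b)
    # B sends a broadcast (for instance an ARP request) and gets learned.
    result["b_broadcast"] = br.forward("ath0", wifi_b, BROADCAST)
    # Now the bridge knows B is behind ath0 too and drops the frame.
    result["a_to_b_learned"] = br.forward("ath0", wifi_a, wifi_b)
    # Traffic that really crosses the bridge is forwarded normally.
    result["c_to_a"] = br.forward("rl1", wired_c, wifi_a)
    result["a_to_c"] = br.forward("ath0", wifi_a, wired_c)
    return result


if __name__ == "__main__":
    for name, ports in scenario().items():
        print(name, "->", ports)
```

In this model a frame between two stations on the same port is either flooded to the other port or filtered, so delivery between the two wireless clients has to happen on the wireless side itself, below the bridge.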
Packet drop in bridging
Hi,

I have a firewall in bridging mode, using ipf. I upgraded to 4.10-p5 and now I have a bunch of error messages:

bdg_forward drop MULTICAST PKT /usr/src/sys/net/if_ethersubr.c line 609

Any clue what I am missing (sysctl or kernel)?

Thank you,
Olivier
bridging tapX interfaces only
I have been trying to create an isolated virtual LAN with the following configuration. A single FreeBSD v4.10 server with one physical NIC (fxp0) is connected to two remote client Windows XP machines via OpenVPN tunnels. OpenVPN v1.6 on the server and v2.0 on the clients. There are therefore two virtual ethernet devices, tap0 and tap1, active on the server. tap0 is assigned an IP address, but tap1 is not. Each client is assigned an IP address - all three machines are in the same subnet, which is different from any other subnets these machines may be exposed to. I then use bridge(4) to bridge tap0 and tap1. Note that I do not include fxp0 in the bridge. Neither client Windows machine bridges its tap device to its physical NIC. None of the machines enable packet forwarding or routing between the virtual LAN and any other LAN. The result is an isolated virtual LAN on which there are three hosts: the server and two clients. The FreeBSD server is running two independent Samba services, one bound to the fxp0 interface only and the other bound to the tap0 IP address only. The fxp0 Samba serves a local physical LAN and the tap0 Samba serves the virtual LAN. Neither the FreeBSD server nor the client machines are screening their connections to the virtual LAN with software firewalls. The result is a fully functional virtual LAN with one nagging problem I cannot solve. The two client machines can use the Network Neighborhood to browse to each other without problem. The clients' users can also specify the hosts by NetBIOS name. The client connected to tap0 can browse to the Samba server without problem, or visit by NetBIOS name. The client connected to tap1, however, cannot browse to the Samba server, nor access it by NetBIOS name. If the tap1 client uses IP addresses to access the Samba server, everything works fine, so that makes it an nmbd-related issue. 
With the aid of ethereal, tcpdump, netcat, and Samba logs (at high verbosity levels) I have done enough experiments to learn the following. Both the clients see all broadcast packets sent by any of the three machines. The server sees all broadcast packets from the tap0 client. The tap1 client sees broadcast packets from the server. But,... although tcpdump sniffing either tap0 or tap1 sees broadcast packets from the tap1 client, Samba's nmbd daemon never sees those packets. I have ruled out Samba as the culprit by using netcat to send and receive broadcast packets instead, and found that netcat has the same problem as Samba's nmbd daemon. Since the nmbd daemon never sees broadcasts, it does not receive name queries from the tap1 client which kills NetBIOS browse/name functionality. If I move the server's virtual LAN IP address from tap0 to tap1, the problem is moved from the tap1 client to the tap0 client. Thus, I conclude it is not a client issue. Since the two clients can see each other's broadcast packets as well as those from the server, I believe this rules out OpenVPN as the culprit. It seems to me that this leaves the fault with either bridge(4) or the tap device driver. I do not want, nor does it seem possible or even useful, to assign an IP address to both tap0 and tap1. Despite scouring the 'Net as well as FreeBSD, OpenVPN, and Samba mailing lists, I have found no references to anyone attempting something like my configuration. In the most similar cases, the bridge always includes at least one physical NIC with either no IP address in the bridge or with the address assigned to the physical NIC. Can anyone help me with this problem? It smells like a bug, but perhaps I've misunderstood something somewhere. Carl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD 5.2.1 - Bridging problems
Hello,

I'm trying to set up a bridge on my FreeBSD box as follows. 3 NICs:

- A Realtek plugged into an ADSL modem (rl0), this one is not part of the bridge
- Two 3Com 3c905C: xl0 works for months without problems and is connected to the LAN. The second card (xl1) has just been added. I'd like to connect another part of the LAN on it, so I thought bridging would be good.

The machine hosting the bridge is my internet router, so every machine on the LAN has this machine as router. xl0 has an IP, xl1 has not (the handbook says better not to give an IP to the second NIC).

I've set up the bridge as mentioned in the handbook:

net.link.ether.bridge.enable=1
net.link.ether.bridge.config=xl0,xl1
net.link.ether.bridge.ipfw=1

...all this in sysctl.conf. The module bridge.ko is loaded too, so everything should work fine. Here is an excerpt of ifconfig:

xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::210:5aff:fea6:4f65%xl0 prefixlen 64 scopeid 0x1
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
        ether 00:10:5a:a6:4f:65
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::20a:5eff:fe45:b152%xl1 prefixlen 64 scopeid 0x3
        ether 00:0a:5e:45:b1:52
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active

So here's the problem: any client connected to xl0 can reach the clients on xl1 and vice-versa (this is good, yes), but NO way to see nor ping the router itself when trying from xl1!!! I believe this is very strange since the packets from xl1-side to xl0-side go thru the router. xl0-side clients CAN ping and access the router, xl1-side clients cannot. An 'arp -an' run on the router shows all xl0 clients, but nothing of xl1-sided clients. xl1-side clients have the same network config as the xl0 ones, obviously.

Any clues really welcome! Thanks in advance.
Kevin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Interface Bonding Bridging problem
I am not 100% sure of what I speak about. Bridge works in layer 2 i.e. the data link layer. The virtual interface does not have a data link layer so it is not possible to get the bridging done as the way you are saying Regards S. On Sat, 11 Sep 2004 17:42:09 +0300, SharkTECH Maillists [EMAIL PROTECTED] wrote: Hello, I have been running a FreeBSD 4.10-STABLE server having 3 nics installed but was using only 2 of them (1 for uplink and 1 for switch) to monitor, filter and shape my network and had absolutely no problems at all. However, in order to increase the ability of handling even more packets (especially while filtering incoming DDoS), I decided to get a 2nd uplink from backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0 (virtual interface) and bridge ngeth0/fec0 with em2 (switch link). In order for this to work, etherchanneling is enabled between uplink1/uplink2 at the backbone side. The problem is although bonding seems to work fine as I can assign IPs at fec0/ngeth0 and send/receive packet with both cards using the virtual interface, I cannot get bridging to work at all between ngeth0/fec0(virtual) and em2(switch). There are no errors in logs, it just doesn't seem to bridge. After doing a 2 days research in Google, FreeBSD maillists, web articles and asking for help in freebsdhelp IRC channels, I ended up that someone in FreeBSD maillists may be able to help me providing me a different bonding/bridging way or even by applying a patch. I was thinking that the solution may be to do both bonding bridging using netgraph, and not bridging using FreeBSD's kernel bridge. I'd be glad to try this but unfortunately I haven't figured out how, even after reading several articles. So if anyone can help me on this step-by-step, please do. I will appreciate any replies after you take a look at the diagrams and settings below, that are showing what exactly I have done until now. 
Best Regards, Angelos Pantazopoulos [EMAIL PROTECTED] SharkTECH Internet Services S E T T I N G S Using 1 uplink settings (works excellent) - #bridging# (options BRIDGE in kernel) ifconfig em0 -arp sysctl net.link.ether.bridge=1 sysctl net.link.ether.bridge_cfg=em0,em1 sysctl net.link.ether.bridge_ipfw=1 Using 2 uplinks with ng_fec (bridging problem) -- #bonding# kldload ng_ether kldload ng_fec ngctl mkpeer fec dummy fec ngctl msg fec0: add_iface 'em0' ngctl msg fec0: add_iface 'em1' ngctl msg fec0: set_mode_inet ifconfig em0 promisc ifconfig em1 promisc ifconfig fec0 promisc #bridging# (options BRIDGE in kernel) sysctl net.link.ether.bridge=1 sysctl net.link.ether.bridge_cfg=fec0,em2 sysctl net.link.ether.bridge_ipfw=1 Using 2 uplinks with ng_one2many (bridging problem) --- #bonding# kldload ng_ether kldload ng_one2many ifconfig em0 promisc -arp up ifconfig em1 promisc -arp up ngctl mkpeer . eiface hook ether ngctl mkpeer ngeth0: one2many lower one ngctl connect em0: ngeth0:lower lower many0 ngctl connect em1: ngeth0:lower lower many1 ifconfig ngeth0 -arp up #bridging# (options BRIDGE in kernel) sysctl net.link.ether.bridge=1 sysctl net.link.ether.bridge_cfg=ngeth0,em2 sysctl net.link.ether.bridge_ipfw=1 D I A G R A M S Using 1 uplink (works excellent): -- INTERNET UPLINK -- | | em0 *** FREEBSD BOX FOR -- Bridging em0 and em2 IPFW FILTERING *** em2 | | -- SWITCH -- Using 2 uplinks (bridging problem): -- INTERNET UPLINK -- || || em0 em1 \ / \ / (virtual) *** FREEBSD BOX FOR -- Bonding em0/em1 and bridging with em2 IPFW FILTERING *** em2 | | -- SWITCH -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Sankha Kar School of Information Technology Block AQ-13/1 Sector V ZIP 700091 India ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Interface Bonding Bridging problem
Hello, I have been running a FreeBSD 4.10-STABLE server having 3 nics installed but was using only 2 of them (1 for uplink and 1 for switch) to monitor, filter and shape my network and had absolutely no problems at all. However, in order to increase the ability of handling even more packets (especially while filtering incoming DDoS), I decided to get a 2nd uplink from backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0 (virtual interface) and bridge ngeth0/fec0 with em2 (switch link). In order for this to work, etherchanneling is enabled between uplink1/uplink2 at the backbone side. The problem is although bonding seems to work fine as I can assign IPs at fec0/ngeth0 and send/receive packet with both cards using the virtual interface, I cannot get bridging to work at all between ngeth0/fec0(virtual) and em2(switch). There are no errors in logs, it just doesn't seem to bridge. After doing a 2 days research in Google, FreeBSD maillists, web articles and asking for help in freebsdhelp IRC channels, I ended up that someone in FreeBSD maillists may be able to help me providing me a different bonding/bridging way or even by applying a patch. I was thinking that the solution may be to do both bonding bridging using netgraph, and not bridging using FreeBSD's kernel bridge. I'd be glad to try this but unfortunately I haven't figured out how, even after reading several articles. So if anyone can help me on this step-by-step, please do. I will appreciate any replies after you take a look at the diagrams and settings below, that are showing what exactly I have done until now. 
Best Regards,
Angelos Pantazopoulos [EMAIL PROTECTED]
SharkTECH Internet Services

S E T T I N G S

Using 1 uplink settings (works excellent)

#bridging# (options BRIDGE in kernel)
ifconfig em0 -arp
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=em0,em1
sysctl net.link.ether.bridge_ipfw=1

Using 2 uplinks with ng_fec (bridging problem)

#bonding#
kldload ng_ether
kldload ng_fec
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface 'em0'
ngctl msg fec0: add_iface 'em1'
ngctl msg fec0: set_mode_inet
ifconfig em0 promisc
ifconfig em1 promisc
ifconfig fec0 promisc

#bridging# (options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=fec0,em2
sysctl net.link.ether.bridge_ipfw=1

Using 2 uplinks with ng_one2many (bridging problem)

#bonding#
kldload ng_ether
kldload ng_one2many
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect em0: ngeth0:lower lower many0
ngctl connect em1: ngeth0:lower lower many1
ifconfig ngeth0 -arp up

#bridging# (options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=ngeth0,em2
sysctl net.link.ether.bridge_ipfw=1

D I A G R A M S

Using 1 uplink (works excellent):

  -- INTERNET UPLINK --
           |
           |
          em0
  *********************
     FREEBSD BOX FOR      -- Bridging em0 and em2
     IPFW FILTERING
  *********************
          em2
           |
           |
      -- SWITCH --

Using 2 uplinks (bridging problem):

  -- INTERNET UPLINK --
        ||     ||
       em0     em1
         \     /
          \   /
        (virtual)
  *********************
     FREEBSD BOX FOR      -- Bonding em0/em1 and bridging with em2
     IPFW FILTERING
  *********************
          em2
           |
           |
      -- SWITCH --
bridging on 5.3 beta not working
Maybe I should post this to the CURRENT mail list or maybe STABLE (even though releng_5 isn't stable yet) but I wanted to try here first.

I can't seem to get bridging working on a new install of 5.3 beta. I set up the system correctly as far as I can tell (see info below). I gave one nic (em0) an ip and can reach other machines (using ssh as the test). If I move the ethernet cable from em0 to em1 I can't get out to any machines. Perhaps this is not a valid test (seems it should be). I must also mention that I did try both ports plugged in (between two switches) but no traffic was getting through.

Below is the output of `sysctl net.link.ether.bridge':

net.link.ether.bridge.version: 031224
net.link.ether.bridge.debug: 0
net.link.ether.bridge.ipf: 0
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.copy: 0
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge.packets: 382
net.link.ether.bridge.dropped: 0
net.link.ether.bridge.predict: 201
net.link.ether.bridge.enable: 1
net.link.ether.bridge.config: em0:0,em1:0

I have `options BRIDGE' compiled in the kernel, along with

options IPFIREWALL
options IPFIREWALL_VERBOSE

I can send the entire kernel config if needed.

Output from `ipfw show':

65000 722 74390 allow ip from any to any
65535   1   108 deny ip from any to any

Below is dmesg.boot.

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.3-BETA1 #5: Wed Aug 25 14:57:39 EST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/BG Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Pentium(R) 4 CPU 3.40GHz (3400.14-MHz 686-class CPU) Origin = GenuineIntel Id = 0xf34 Stepping = 4 Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Hyperthreading: 2 logical CPUs real memory = 1073479680 (1023 MB) avail memory = 1045135360 (996 MB) ACPI APIC Table: DELL PE750 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0: Changing APIC ID to 2 ioapic1: Changing APIC ID to 3 ioapic0 Version 2.0 irqs 0-23 on motherboard ioapic1 Version 2.0 irqs 24-47 on motherboard npx0: [FAST] npx0: math processor on motherboard npx0: INT 16 interface acpi0: DELL PE750 on motherboard acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0x808-0x80b on acpi0 cpu0: ACPI CPU on acpi0 cpu1: ACPI CPU on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 pcib1: ACPI PCI-PCI bridge at device 3.0 on pci0 pci1: ACPI PCI bus on pcib1 em0: Intel(R) PRO/1000 Network Connection, Version - 1.7.25 port 0xece0-0xecff mem 0xfe2e-0xfe2f irq 18 at device 1.0 on pci1 em0: [GIANT-LOCKED] em0: Ethernet address: 00:c0:9f:44:bd:ed em0: Speed:N/A Duplex:N/A pcib2: ACPI PCI-PCI bridge at device 28.0 on pci0 pci2: ACPI PCI bus on pcib2 aac0: Dell CERC SATA RAID 2 mem 0xf400-0xf7ff irq 24 at device 1.0 on pci2 aac0: [FAST] aac0: Unknown processor 100MHz, 48MB cache memory, optional battery not installed aac0: Kernel 4.1-0, Build 7028, S/N bc68d4 aac0: Supported Options=1097cWCACHE,DATA64,HOSTTIME,RAID50,WINDOW4GB,SOFTERR,ALARM uhci0: UHCI (generic) USB controller port 0xcce0-0xccff irq 16 at device 29.0 on pci0 uhci0: [GIANT-LOCKED] usb0: UHCI (generic) USB controller on uhci0 usb0: USB revision 1.0 
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1: UHCI (generic) USB controller port 0xccc0-0xccdf irq 19 at device 29.1 on pci0 uhci1: [GIANT-LOCKED] usb1: UHCI (generic) USB controller on uhci1 usb1: USB revision 1.0 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered pci0: base peripheral at device 29.4 (no driver attached) pci0: base peripheral, interrupt controller at device 29.5 (no driver attached) pci0: serial bus, USB at device 29.7 (no driver attached) pcib3: ACPI PCI-PCI bridge at device 30.0 on pci0 pci3: ACPI PCI bus on pcib3 em1: Intel(R) PRO/1000 Network Connection, Version - 1.7.25 port 0xdcc0-0xdcff mem 0xfdee-0xfdef irq 21 at device 2.0 on pci3 em1: [GIANT-LOCKED] em1: Ethernet address: 00:c0:9f:44:bd:ee em1: Speed:N/A Duplex:N/A pci3: display, VGA at device 14.0 (no driver attached) isab0: PCI-ISA bridge at device 31.0 on pci0 isa0: ISA bus on isab0 atapci0: Intel 6300ESB SATA150 controller port 0xfea0-0xfeaf,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.2 on pci0 ata0: channel #0 on atapci0 ata1: channel #1 on atapci0 pci0: serial bus, SMBus at device 31.3 (no driver attached) fdc0: floppy drive controller port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0 fdc0: FIFO enabled, 8 bytes threshold fd0: 1440-KB 3.5 drive on fdc0 drive
Routing or bridging wireless connections - help FreeBSD
Hello,

In using FreeBSD 5.2.1-Release I am running into some trouble. I have successfully recompiled the kernel with support for Atheros-based wireless cards. I have also been able to set up the card in access point (hostap) mode correctly. I have tried the bridging recommended in the FreeBSD wireless setup at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html but was unsuccessful.

I have configured the wireless adapter with its own subnet of ip's, one for the actual box and the rest client ip's. The subnet is not the same as the one on the wireless adapter. When I enable bridge mode as discussed in the link above, I can ping the ip allocated to the ethernet adapter and the one allocated to the wireless adapter when wirelessly connected to the FreeBSD box, but when the bridging is disabled I can only ping the ip assigned to the wireless adapter in the machine when wirelessly connected. When I ssh to the box either with bridging on or off to the wireless ip on the machine I can ping google.com and other common web sites.

I need help trying to route the adapter and client ip's to the internet.

Dan
Bridging with multiport ethernet cards
My box has 3 ethernet cards, fxp0, xl0 and another 4-port card. Is it possible to bridge all the interfaces like this:

net.link.ether.bridge.enable=1
net.link.ether.bridge_cfg=xl0,fxp0
net.link.ether.bridge_cfg=vr0,fxp0
net.link.ether.bridge_cfg=vr1,fxp0
net.link.ether.bridge_cfg=vr2,fxp0
net.link.ether.bridge_cfg=vr3,fxp0

Thanks.

-Wash

http://www.netmeister.org/news/learn2quote.html

--
Odhiambo Washington [EMAIL PROTECTED]
Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922
GSM: +254 722 743223 +254 733 744121

Bipolar, adj.: Refers to someone who has homes in Nome, Alaska, and Buffalo, New York
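An added example (not from the post or from FreeBSD): a small checker for the sysctl.conf fragment in the question above. It assumes that repeated assignments to the same sysctl key are applied in order, so only the last value remains, and that an interface without a ":N" suffix belongs to cluster 1. Both spellings of the key that appear on this page are accepted, and the single-line MERGED form is constructed.

```python
import re

# Both spellings of the interface-list key that appear on this page.
CONFIG_KEYS = ("net.link.ether.bridge.config", "net.link.ether.bridge_cfg")

# The fragment from the post.
POSTED = """\
net.link.ether.bridge.enable=1
net.link.ether.bridge_cfg=xl0,fxp0
net.link.ether.bridge_cfg=vr0,fxp0
net.link.ether.bridge_cfg=vr1,fxp0
net.link.ether.bridge_cfg=vr2,fxp0
net.link.ether.bridge_cfg=vr3,fxp0
"""

# Constructed alternative: every interface in one assignment.
MERGED = """\
net.link.ether.bridge.enable=1
net.link.ether.bridge_cfg=xl0,fxp0,vr0,vr1,vr2,vr3
"""


def parse_bridge_config(value):
    """Split 'em0:1,rl1:1' into {cluster_id: [ifnames]}.

    Assumption: a missing ':N' suffix means cluster 1.
    """
    clusters = {}
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        name, sep, cid = item.partition(":")
        cluster = int(cid) if sep and cid else 1
        clusters.setdefault(cluster, []).append(name)
    return clusters


def audit_sysctl_conf(text):
    """Report what the bridge ends up with after all assignments are applied."""
    assignments = []  # (line number, value) for each interface-list line
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in CONFIG_KEYS:
            assignments.append((number, value.strip("\"'")))
    report = {"effective": {}, "overridden": [], "lost": [], "lonely": []}
    if not assignments:
        return report
    # Assumption: last assignment wins.
    report["effective"] = parse_bridge_config(assignments[-1][1])
    report["overridden"] = [number for number, _ in assignments[:-1]]
    kept = {n for members in report["effective"].values() for n in members}
    for _, value in assignments[:-1]:
        for members in parse_bridge_config(value).values():
            for name in members:
                if name not in kept and name not in report["lost"]:
                    report["lost"].append(name)
    # A cluster with a single member has nothing to bridge to.
    report["lonely"] = sorted(
        cid for cid, members in report["effective"].items() if len(members) < 2
    )
    return report


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("merged", MERGED)):
        print(label, audit_sysctl_conf(text))
```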
Bridging Firewall
I am using this document http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/filtering-bridges-contributors.html

I find no reference to MAC rules showing up in 5.2.1. Any help or advice would be appreciated.
Re: Bridging Firewall
> I find no reference to MAC rules showing up in 5.2.1. Any help or advice would be appreciated.

That's because bridge(4) doesn't do Layer 2 filtering. Neither does ipfw (as well it shouldn't). I don't know if there are any plans to add this capability to FreeBSD's bridge, but I know that OpenBSD's bridge can do it. See http://www.openbsd.org/faq/faq6.html#Bridge and the man pages for bridge(4) and brconfig(8).
Re: 5.2 Bridging issue
I asked:

> I've got a bridge(4) issue on a BSD 5.2.1 box. The bridging box has three ethernet interfaces, two bridged together in a single cluster, and one connected to the internet. The box acts as a bridge for the two network segments, and as a router to the Internet (it's the default gateway). The problem is, only one of the bridged segments can communicate with the BSD box directly (and thus the Internet), even though the two segments can talk to each other just fine.

Bjorn Eikeland replied:

> Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem i had with my bridge a while back. good luck! Bjorn

Thanks! That was it! I didn't even think to check this, since I was unaware that it was set to 1 by default in 5.2. Maybe I'll submit a patch PR for the bridge(4) man page to mention this.

Aaron out.
Unsolved: 5.2 Bridging issue
I originally wrote:

> I've got a bridge(4) issue on a BSD 5.2.1 box. The bridging box has three ethernet interfaces, two bridged together in a single cluster, and one connected to the internet. The box acts as a bridge for the two network segments, and as a router to the Internet (it's the default gateway). The problem is, only one of the bridged segments can communicate with the BSD box directly (and thus the Internet), even though the two segments can talk to each other just fine.

And Bjorn Eikeland responded:

> Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem i had with my bridge a while back. good luck! Bjorn

I then replied that Bjorn's explanation worked. Well, I feel like an idiot now, but it turns out it didn't work after all. I just had plugged in my test machine into the wrong ethernet port, so of course things worked.

Quick recap of my set-up: FreeBSD box with 3 interfaces, two bridged, the other connects to the Internet. The interfaces are as follows:

em0   10.10.10.1/24    Bridged with rl1
rl0   10.20.20.2/24    Not bridged, connects to rest of net
rl1   NO IP ADDRESS    Bridged with em0 so hosts on this segment are on the same 10.10.10.0/24 subnet

All hosts on 10.10.10.0/24 use 10.10.10.1 as the default gateway. The FreeBSD box in question acts as a router and bridge, routing stuff to an upstream router (call it 10.20.20.1).

Some sysctl settings:

net.link.ether.bridge.enable: 1
net.link.ether.bridge.config: em0:1,rl1:1
net.link.ether.bridge_ipfw: 0
net.inet.ip.check_interface: 0
net.inet.ip.forwarding=1

Routing Table:

Internet:
Destination      Gateway            Flags  Refs  Use     Netif
default          10.20.20.1         UGS    0     193583  rl0
10/24            link#3             UC     0     0       em0
127.0.0.1        127.0.0.1          UH     0     2300    lo0
10.20.20.0/24    link#1             UC     0     0       rl0
10.20.20.1       01:23:45:67:89:ab  UHLW   1     0       rl0

ifconfig sample:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.20.20.2 netmask 0xfff0 broadcast 10.20.20.255
        ether 0f:1e:2d:3c:4b:3a
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
rl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:11:aa:bb:22:cc
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
        ether ab:cd:ef:98:76:54
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff00

PROBLEM RECAP:

Traffic between em0 and rl1 is bridged just fine, EXCEPT for traffic TO/FROM the FreeBSD host itself TO any hosts on rl1 (the interface without the IP address). So 10.10.10.100 on rl1 can talk with 10.10.10.50 on em0, ARP traffic as well as IP traffic. But the BSD host will never get ARP or IP traffic to/from 10.10.10.100 on rl1. The BSD host can talk just fine to 10.10.10.50 on em0.

Anyone else have any ideas? The system's running FreeBSD 5.2.1-RC2.

Thanks again in advance!

Aaron out.
5.2 Bridging issue
PROBLEM SUMMARY:

I've got a bridge(4) issue on a BSD 5.2.1 box. The bridging box has three ethernet interfaces, two bridged together in a single cluster, and one connected to the internet. The box acts as a bridge for the two network segments, and as a router to the Internet (it's the default gateway). The problem is, only one of the bridged segments can communicate with the BSD box directly (and thus the Internet), even though the two segments can talk to each other just fine.

NETWORK SET-UP:

First, let me clue you in on my network set-up: FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:

         [FreeBSD Box]
          |    |    |
         rl0  rl1  em0
          |    |    |
          |    |    +---To-Internal-Network-Segment-#1...
          |    |
          |    +---To-Internal-Network-Segment-#2..
          |
          +---Internet...

Interfaces rl1 and em0 are bridged:

    net.link.ether.bridge.config=em0:1,rl1:1

Since they ARE bridged and so are on the same subnet, only em0 has an IP address:

    ifconfig em0 inet 10.10.10.1/16

I don't see how or why one would need or could assign an IP on the same subnet to the other interface, rl1, unless it was handled like many alias addresses, as a /32 host address.

Interface rl0 is the link to the Internet.

Bridging for the most part seems to be working. Hosts on segment #1 (via em0) are visible to hosts on segment #2 (connected via rl1). They can ping each other, get ARP address resolution, and pass IP traffic. All hosts use 10.10.10.1 as their default gateway to the Internet. Hosts on segment #1 can reach the Internet just fine.

PROBLEM DETAILS:

Hosts on segment #2 cannot seem to be able to communicate with the bridging/routing FreeBSD box's own IP addresses, and since it is the default gateway, in turn they cannot reach the Internet. No layer 2 traffic (ARP) reaches the FreeBSD box directly (the ARP table shows incomplete for all segment #2 addresses, even though ARP packets DO reach segment #1 just fine, passing transparently through the FreeBSD box). The BSD box just can't see stuff addressed directly to it.
This is NOT a firewalling or NAT issue. This is exclusively a bridging issue. Firewalling/NAT occurs elsewhere.

So since I'm a FreeBSD bridge(4) newbie, after scouring the man page, reading the Handbook's information, searching various mailing list archives, I can't find anything useful that tells me if bridge's bdg_forward() knows how to handle traffic like this. Apparently it doesn't.

So bridging is just fine if you want your BSD box hidden, transparent, invisible. But if you want it visible so it can act as a default gateway to all segments of a subnet that are bridged together, HOW DOES ONE DO IT? I can't ifconfig the rl1 interface with an IP on the same subnet unless it's a /32, and that accomplishes nothing (the IP packets are addressed to the IP address assigned to em0).

Bridging SHOULD just bridge, so traffic to the BSD box's em0 IP should come in on rl1 and be processed by the host. Somehow the bridging code knows the MAC addresses on the segment #2 side of things (rl1), since it passes traffic between the two segments just fine. But the kernel's ARP table is totally ignorant. It can't find those hosts.

REQUEST FOR HELP:

Thanks in advance for all help, pointers, etc. If there's not a way to do this, then this sounds like an issue that should be added to the BUGS section of the bridge(4) man page.

Aaron out.
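Added example (not part of the original messages): to separate "ARP requests for the gateway never arrive on rl1" from "they arrive but the host never answers", capture on the bridged interface with tcpdump -n -i rl1 arp and list the requests that got no reply. The line format assumed is current tcpdump text output; the function names, the MAC address and the sample capture are constructed for illustration.

```sh
#!/bin/sh
# Added example: list ARP requests in tcpdump text output that never got a reply.
# Input : lines from `tcpdump -n -i <if> arp` on stdin
# Output: one line per unanswered (target, asker) pair with the request count

unanswered_arp() {
    awk '
        / ARP, Request who-has / {
            # time ARP, Request who-has TARGET [(mac)] tell ASKER, length N
            target = $5; asker = ""
            for (i = 6; i < NF; i++)
                if ($i == "tell") asker = $(i + 1)
            sub(/,$/, "", asker)
            req[target " " asker]++
        }
        / ARP, Reply / {
            # time ARP, Reply IP is-at MAC, length N
            answered[$4] = 1
        }
        END {
            for (k in req) {
                split(k, p, " ")
                if (!(p[1] in answered))
                    printf "%s asked-by %s requests=%d\n", p[1], p[2], req[k]
            }
        }
    ' | sort
}

# Constructed capture using the addresses from the messages above:
# 10.10.10.100 (segment #2) resolves 10.10.10.50 but never the gateway 10.10.10.1.
sample_capture() {
    cat <<'EOF'
10:00:00.000001 ARP, Request who-has 10.10.10.50 tell 10.10.10.100, length 46
10:00:00.000350 ARP, Reply 10.10.10.50 is-at 00:11:22:33:44:55, length 46
10:00:01.000002 ARP, Request who-has 10.10.10.1 tell 10.10.10.100, length 46
10:00:02.000003 ARP, Request who-has 10.10.10.1 tell 10.10.10.100, length 46
10:00:03.000004 ARP, Request who-has 10.10.10.1 tell 10.10.10.100, length 46
EOF
}

sample_capture | unanswered_arp
```

If the gateway address shows up here, the frames are reaching rl1 and the host is not answering them; if the capture contains no requests for it at all, the problem lies before the interface.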