if_bridge with two subnets
Hi,

I have an if_bridge, thus:

    bridge0: flags=8843 metric 0 mtu 1500
            inet XX.XX.XXX.20 netmask 0xfff8 broadcast XX.XX.XXX.23
            inet 192.168.1.30 netmask 0xff00 broadcast 192.168.1.255

On one side of the bridge is a layer 2 switch with clients of a mix of addresses from these two subnets. On the other side is a gateway XX.XX.XXX.22.

All clients can communicate through the gateway correctly, with the 192.168.1.x subnet being NAT'd. However, clients from one subnet cannot communicate with clients from the other subnet. Pinging a 192.168.1.X machine from the other subnet shows the packet incorrectly routed out through the gateway, not back through the interface it came.

The routing table shows that both subnets should be routed through the bridge:

    XX.XX.XXX.XX/29    link#5    UC    0    0    bridge
    192.168.1.0/24     link#5    UC    0    0    bridge

The bridge host itself can ping machines on both subnets. So why is the if_bridge routing packets destined for the private subnet out through the default route instead?

(The specific hosts being pinged are present in the routing table from ARP lookups. They are all destined for the bridge interface.)

-- 
Jay L. T. Cornwall
http://www.jcornwall.me.uk/

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: if_bridge with two subnets
The bridge works as it should: it receives packets from XX.XX.XXX.YYY on the interface connected to the switch, and forwards them on the interface connected to the gateway.

The problem is that forwarding between subnets is the responsibility of your switch. The switch does its job, but since the two clients are not on the same IP subnet, they can not reach each other w/o the help of an intermediate router.

Jay L. T. Cornwall wrote:
> Hi,
>
> I have an if_bridge, thus:
>
>     bridge0: flags=8843 metric 0 mtu 1500
>             inet XX.XX.XXX.20 netmask 0xfff8 broadcast XX.XX.XXX.23
>             inet 192.168.1.30 netmask 0xff00 broadcast 192.168.1.255
>
> On one side of the bridge is a layer 2 switch with clients of a mix of addresses from these two subnets. On the other side is a gateway XX.XX.XXX.22.
>
> All clients can communicate through the gateway correctly, with the 192.168.1.x subnet being NAT'd. However, clients from one subnet cannot communicate with clients from the other subnet. Pinging a 192.168.1.X machine from the other subnet shows the packet incorrectly routed out through the gateway, not back through the interface it came.
>
> The routing table shows that both subnets should be routed through the bridge:
>
>     XX.XX.XXX.XX/29    link#5    UC    0    0    bridge
>     192.168.1.0/24     link#5    UC    0    0    bridge
>
> The bridge host itself can ping machines on both subnets. So why is the if_bridge routing packets destined for the private subnet out through the default route instead?
>
> (The specific hosts being pinged are present in the routing table from ARP lookups. They are all destined for the bridge interface.)

-- 
With best regards.

Hooman Fazaeli <[EMAIL PROTECTED]>
Technical Manager
Sepehr S. T. Co. Ltd.
Web: http://www.sepehrs.com
Tel: (9821)88975701-2
Fax: (9821)88983352
Re: if_bridge with two subnets
H.fazaeli wrote:
> The bridge works as it should: it receives packets from XX.XX.XXX.YYY on the interface connected to the switch, and forwards them on the interface connected to the gateway.
>
> The problem is that forwarding between subnets is the responsibility of your switch. The switch does its job, but since the two clients are not on the same IP subnet, they can not reach each other w/o the help of an intermediate router.

Perhaps I am mixing up two separate networking concepts. On a machine configured to act as a gateway, I would expect a single interface with more than one subnet to route packets correctly across those subnets. That may not be how it works in practice. If it does not work, I would question why not. If it does work, then I would expect the same behaviour on each of a bridge's constituent interfaces?

-- 
Jay L. T. Cornwall
http://www.jcornwall.me.uk/
Re: if_bridge with two subnets
Jay L. T. Cornwall wrote:
> H.fazaeli wrote:
>> The bridge works as it should: it receives packets from XX.XX.XXX.YYY on the interface connected to the switch, and forwards them on the interface connected to the gateway.
>>
>> The problem is that forwarding between subnets is the responsibility of your switch. The switch does its job, but since the two clients are not on the same IP subnet, they can not reach each other w/o the help of an intermediate router.
>
> Perhaps I am mixing up two separate networking concepts. On a machine configured to act as a gateway, I would expect a single interface with more than one subnet to route packets correctly across those subnets. That may not be how it works in practice. If it does not work, I would question why not. If it does work, then I would expect the same behaviour on each of a bridge's constituent interfaces?

It does work. However, if I understand your setup correctly, the freebsd box has been set up to act as a bridge, not as a router (routing is enabled with sysctl net.inet.ip.forwarding=1). Bridging works when the forwarding is between the same subnets.

For the freebsd box to route between subnets:

- enable routing: sysctl net.inet.ip.forwarding=1
- clients must use the freebsd box as gateway.
- IP addresses must be removed from the bridge and assigned to the member interfaces (the bridge is no longer needed).

You may have bridging & routing on the same box at the same time, but note that a single packet coming into the system either goes through bridging _or_ routing code, but not both. The former case happens if the packet's destination MAC address is not that of the box. The latter case happens when the destination MAC address is that of the receiving interface.

If you provide a network diagram along with your requirements, we can better discuss the matter.

-- 
With best regards.

Hooman Fazaeli <[EMAIL PROTECTED]>
Technical Manager
Sepehr S. T. Co. Ltd.
Web: http://www.sepehrs.com
Tel: (9821)88975701-2
Fax: (9821)88983352
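The "bridge or route, never both" rule from the reply above, modelled as an added Python example (not code from this thread or from FreeBSD). The 192.0.2.16/29 block, the MAC addresses and the host 192.168.1.5 are constructed stand-ins for the masked XX.XX.XXX addresses; it reproduces both the original symptom (frame handed to the .22 gateway) and the fixed setup (box as gateway with forwarding on).

```python
import ipaddress

# Constructed addresses: 192.0.2.16/29 stands in for the thread's XX.XX.XXX.16/29.
PUBLIC = ipaddress.ip_network("192.0.2.16/29")
PRIVATE = ipaddress.ip_network("192.168.1.0/24")
BOX_MAC = "00:bb:bb:bb:bb:01"      # constructed MAC of the FreeBSD bridge interface
GATEWAY_MAC = "00:aa:aa:aa:aa:22"  # constructed MAC of the .22 gateway

# Routing table of the FreeBSD box as shown in the thread: both subnets on the
# bridge (directly attached), plus a default route via the .22 gateway.
ROUTES = [
    (PUBLIC, "bridge0", None),
    (PRIVATE, "bridge0", None),
    (ipaddress.ip_network("0.0.0.0/0"), "bridge0", "192.0.2.22"),
]

def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns (interface, next hop or None)."""
    dst = ipaddress.ip_address(dst)
    best = max((r for r in ROUTES if dst in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def handle_frame(dst_mac, dst_ip, forwarding):
    """Decide what the box does with an incoming frame.

    Only a frame whose destination MAC is the box's own reaches the IP layer;
    everything else is switched at layer 2 and the routing table is never read.
    """
    if dst_mac != BOX_MAC:
        return "bridged"
    if not forwarding:
        # net.inet.ip.forwarding=0: the host accepts packets for its own
        # addresses only and does not forward transit traffic.
        return "dropped (forwarding disabled)"
    iface, nexthop = route_lookup(dst_ip)
    return f"routed via {iface}" + (f" to {nexthop}" if nexthop else " (directly attached)")

if __name__ == "__main__":
    # Original setup: client's default gateway is .22, so the frame carries the
    # gateway's MAC and is bridged straight to it (the symptom in the first mail).
    print("ping 192.168.1.5 via .22 gateway:", handle_frame(GATEWAY_MAC, "192.168.1.5", False))
    # Fixed setup: client's default gateway is the FreeBSD box, forwarding on.
    print("ping 192.168.1.5 via box, fwd=1:  ", handle_frame(BOX_MAC, "192.168.1.5", True))
    print("ping 192.168.1.5 via box, fwd=0:  ", handle_frame(BOX_MAC, "192.168.1.5", False))
    print("Internet host via box, fwd=1:     ", handle_frame(BOX_MAC, "198.51.100.7", True))
```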
Re: if_bridge with two subnets
H.fazaeli wrote:
> It does work. However, if I understand your setup correctly, the freebsd box has been set up to act as a bridge, not as a router (routing is enabled with sysctl net.inet.ip.forwarding=1). Bridging works when the forwarding is between the same subnets.
>
> For the freebsd box to route between subnets:
>
> - enable routing: sysctl net.inet.ip.forwarding=1
> - clients must use the freebsd box as gateway.
> - IP addresses must be removed from the bridge and assigned to the member interfaces (the bridge is no longer needed).
>
> You may have bridging & routing on the same box at the same time, but note that a single packet coming into the system either goes through bridging _or_ routing code, but not both. The former case happens if the packet's destination MAC address is not that of the box. The latter case happens when the destination MAC address is that of the receiving interface.

Thank you very much for your explanation. I had misunderstood precisely how routing and bridging are done in FreeBSD, but it now makes sense.

> If you provide a network diagram along with your requirements, we can better discuss the matter.

I now have a working network configuration. For completeness I will explain how it's set up.

I have a small, publicly routable netblock to serve a larger LAN of machines. Thus some of the machines draw IPs from a non-routable private pool and are NAT'd to one of the public IPs. It looks like this:

    [Gateway]     XX.XX.XXX.22
        |
    [FreeBSD]     XX.XX.XXX.20-21
        |
    [L2 Switch]
        |
    PCs           XX.XX.XXX.17-19
                  192.168.1.0/24

The gateway must have one of the public IPs to communicate with its upstream correctly. On the other side of the FreeBSD server the rest of those IPs are used. So a traditional gateway setup would not work here: it would imply that the FreeBSD server has two interfaces from two different subnets, rather than one split subnet. Perhaps a static route for the gateway would work, but it would be messy. So I bridge the two interfaces to join the public subnet.

Following your advice I have set the FreeBSD server as the network gateway - previously it was the .22 gateway - and now all of the LAN PCs can communicate without additional routing information. Inter-subnet packets will bounce off the FreeBSD server, rather than staying inside the L2 switch, but that's OK.

-- 
Jay L. T. Cornwall
http://www.jcornwall.me.uk/