Unsolved: 5.2 Bridging issue

2004-02-13 Thread Aaron D. Gifford
I originally wrote:

> I've got a bridge(4) issue on a BSD 5.2.1 box.  The bridging box has
> three ethernet interfaces, two bridged together in a single cluster,
> and one connected to the internet.  The box acts as a bridge for the
> two network segments, and as a router to the Internet (it's the
> default gateway).  The problem is, only one of the bridged segments
> can communicate with the BSD box directly (and thus the Internet),
> even though the two segments can talk to each other just fine.

And Bjorn Eikeland responded:

> Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem
> I had with my bridge a while back.
>
> good luck!
>
> Bjorn

I then replied that Bjorn's explanation worked.  Well, I feel like
an idiot now, but it turns out it didn't work after all.  I had just
plugged my test machine into the wrong ethernet port, so of course
things worked.

Quick recap of my set-up:

FreeBSD box with 3 interfaces, two bridged, the other connects to the 
Internet.  The interfaces are as follows:

  em0   10.10.10.1/24   Bridged with rl1
  rl0   10.20.20.2/24   Not bridged, connects to rest of net
  rl1   NO IP ADDRESS   Bridged with em0 so hosts on this segment
                        are on the same 10.10.10.0/24 subnet

All hosts on 10.10.10.0/24 use 10.10.10.1 as the default gateway.  The
FreeBSD box in question acts as a router and bridge, routing stuff to
an upstream router (call it 10.20.20.1).

Some sysctl settings:
---------------------
net.link.ether.bridge.enable: 1
net.link.ether.bridge.config: em0:1,rl1:1
net.link.ether.bridge_ipfw: 0
net.inet.ip.check_interface: 0
net.inet.ip.forwarding=1

Routing Table:
--------------
Internet:
Destination        Gateway            Flags    Refs      Use  Netif
default            10.20.20.1         UGS         0   193583  rl0
10/24              link#3             UC          0        0  em0
127.0.0.1          127.0.0.1          UH          0     2300  lo0
10.20.20.0/24      link#1             UC          0        0  rl0
10.20.20.1         01:23:45:67:89:ab  UHLW        1        0  rl0

ifconfig sample:

rl0: flags=8843 mtu 1500
        options=8
        inet 10.20.20.2 netmask 0xfff0 broadcast 10.20.20.255
        ether 0f:1e:2d:3c:4b:3a
        media: Ethernet autoselect (100baseTX )
        status: active
rl1: flags=8943 mtu 1500
        options=8
        ether 00:11:aa:bb:22:cc
        media: Ethernet autoselect (100baseTX )
        status: active
em0: flags=8943 mtu 1500
        options=3
        inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
        ether ab:cd:ef:98:76:54
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff00

PROBLEM RECAP:
--------------
Traffic between em0 and rl1 is bridged just fine, EXCEPT for traffic 
TO/FROM the FreeBSD host itself TO any hosts on rl1 (the interface 
without the IP address).

So 10.10.10.100 on rl1 can talk with 10.10.10.50 on em0, ARP traffic as 
well as IP traffic.  But the BSD host will never get ARP or IP traffic 
to/from 10.10.10.100 on rl1.  The BSD host can talk just fine to 
10.10.10.50 on em0.

Anyone else have any ideas?

The system's running FreeBSD 5.2.1-RC2.

Thanks again in advance!
Aaron out.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: 5.2 Bridging issue

2004-02-13 Thread Aaron D. Gifford
I asked:

> I've got a bridge(4) issue on a BSD 5.2.1 box.  The bridging box has
> three ethernet interfaces, two bridged together in a single cluster,
> and one connected to the internet.  The box acts as a bridge for the
> two network segments, and as a router to the Internet (it's the
> default gateway).  The problem is, only one of the bridged segments
> can communicate with the BSD box directly (and thus the Internet),
> even though the two segments can talk to each other just fine.

Bjorn Eikeland replied:

> Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem
> I had with my bridge a while back.
>
> good luck!
>
> Bjorn

Thanks!

That was it!  I didn't even think to check this, since I was unaware 
that it was set to 1 by default in 5.2.

Maybe I'll submit a patch PR for the bridge(4) man page to mention this.

Aaron out.



Re: 5.2 Bridging issue

2004-02-12 Thread Bjorn Eikeland
On Thu, 12 Feb 2004 03:56:56 -0700 (MST), Aaron D. Gifford
<[EMAIL PROTECTED]> wrote:

> PROBLEM SUMMARY:
> ----------------
>
> I've got a bridge(4) issue on a BSD 5.2.1 box.  The bridging box has
> three ethernet interfaces, two bridged together in a single cluster, and
> one connected to the internet.  The box acts as a bridge for the two
> network segments, and as a router to the Internet (it's the default
> gateway).  The problem is, only one of the bridged segments can
> communicate with the BSD box directly (and thus the Internet), even
> though the two segments can talk to each other just fine.
>
> NETWORK SET-UP:
> ---------------
>
> First, let me clue you in on my network set-up:
>
> FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:
>
> [FreeBSD Box]
>   |   |   |
>  rl0 rl1 em0
>   |   |   |
>   |   |   +---To-Internal-Network-Segment-#1...
>   |   |
>   |   +---To-Internal-Network-Segment-#2..
>   |
>   +---Internet...
>
> Interfaces rl1 and em0 are bridged:
>
>   net.link.ether.bridge.config=em0:1,rl1:1
>
> Since they ARE bridged and so are "on the same subnet", only em0 has
> an IP address:
>
>   ifconfig em0 inet 10.10.10.1/16
>
> I don't see how or why one would need or could assign an IP on the
> same subnet to the other interface, rl1, unless it was handled like
> many alias addresses, as a /32 host address.
>
> Interface rl0 is the link to the Internet.
>
> Bridging for the most part seems to be working.  Hosts on segment #1
> (via em0) are visible to hosts on segment #2 (connected via rl1).  They
> can ping each other, get ARP address resolution, and pass IP traffic.
>
> All hosts use 10.10.10.1 as their default gateway to the Internet.
>
> Hosts on segment #1 can reach the Internet just fine.
>
> PROBLEM DETAILS:
> ----------------
>
> Hosts on segment #2 cannot seem to be able to communicate with the
> bridging/routing FreeBSD box's own IP addresses, and since it is the
> default gateway, in turn they cannot reach the Internet.  No layer 2
> traffic (ARP) reaches the FreeBSD box directly (the ARP table shows
> "incomplete" for all segment #2 addresses, even though ARP packets
> DO reach segment #1 just fine, passing transparently through the
> FreeBSD box).  The BSD box just can't see stuff addressed directly to it.
>
> This is NOT a firewalling or NAT issue.  This is exclusively a bridging
> issue.  Firewalling/NAT occurs elsewhere.
>
> So since I'm a FreeBSD bridge(4) newbie, after scouring the man page,
> reading the Handbook's information, searching various mailing list archives,
> I can't find anything useful that tells me if bridge's bdg_forward() knows
> how to handle traffic like this.  Apparently it doesn't.
>
> So bridging is just fine if you want your BSD box hidden, transparent,
> invisible.  But if you want it visible so it can act as a default gateway
> to all segments of a subnet that are bridged together, HOW DOES ONE DO IT?
>
> I can't ifconfig the rl1 interface with an IP on the same subnet unless it's
> a /32, and that accomplishes nothing (the IP packets are addressed to the
> IP address assigned to em0).  Bridging SHOULD just bridge, so traffic to
> the BSD box's em0 IP should come in on rl1 and be processed by the host.
>
> Somehow the bridging code knows the MAC addresses on the segment #2 side of
> things (rl1), since it passes traffic between the two segments just fine.
> But the kernel's ARP table is totally ignorant.  It can't find those hosts.
>
> REQUEST FOR HELP:
> -----------------
>
> Thanks in advance for all help, pointers, etc.  If there's not a way to do
> this, then this sounds like an issue that should be added to the BUGS section
> of the bridge(4) man page.
>
> Aaron out.

Try sysctl net.inet.ip.check_interface=0 - sounds like the same problem
I had with my bridge a while back.

good luck!

Bjorn


5.2 Bridging issue

2004-02-12 Thread Aaron D. Gifford
PROBLEM SUMMARY:
----------------

I've got a bridge(4) issue on a BSD 5.2.1 box.  The bridging box has three ethernet 
interfaces, two bridged together in a single cluster, and one connected to the 
internet.  The box acts as a bridge for the two network segments, and as a router to 
the Internet (it's the default gateway).  The problem is, only one of the bridged 
segments can communicate with the BSD box directly (and thus the Internet), even 
though the two segments can talk to each other just fine.


NETWORK SET-UP:
---------------

First, let me clue you in on my network set-up:

FreeBSD 5.2 Box with 3 ethernet interfaces, em0, rl0, and rl1:

[FreeBSD Box]
  |   |   |
 rl0 rl1 em0
  |   |   |
  |   |   +---To-Internal-Network-Segment-#1...
  |   |
  |   +---To-Internal-Network-Segment-#2..
  |
  +---Internet...

Interfaces rl1 and em0 are bridged:

  net.link.ether.bridge.config=em0:1,rl1:1

Since they ARE bridged and so are "on the same subnet", only em0 has
an IP address:

  ifconfig em0 inet 10.10.10.1/16

I don't see how or why one would need or could assign an IP on the
same subnet to the other interface, rl1, unless it was handled like
many alias addresses, as a /32 host address.

Interface rl0 is the link to the Internet.

Bridging for the most part seems to be working.  Hosts on segment #1
(via em0) are visible to hosts on segment #2 (connected via rl1).  They
can ping each other, get ARP address resolution, and pass IP traffic.

All hosts use 10.10.10.1 as their default gateway to the Internet.

Hosts on segment #1 can reach the Internet just fine.


PROBLEM DETAILS:
----------------

Hosts on segment #2 cannot seem to be able to communicate with the
bridging/routing FreeBSD box's own IP addresses, and since it is the
default gateway, in turn they cannot reach the Internet.  No layer 2
traffic (ARP) reaches the FreeBSD box directly (the ARP table shows
"incomplete" for all segment #2 addresses, even though ARP packets
DO reach segment #1 just fine, passing transparently through the
FreeBSD box).  The BSD box just can't see stuff addressed directly to it.

This is NOT a firewalling or NAT issue.  This is exclusively a bridging
issue.  Firewalling/NAT occurs elsewhere.

So since I'm a FreeBSD bridge(4) newbie, after scouring the man page,
reading the Handbook's information, searching various mailing list archives,
I can't find anything useful that tells me if bridge's bdg_forward() knows
how to handle traffic like this.  Apparently it doesn't.

So bridging is just fine if you want your BSD box hidden, transparent,
invisible.  But if you want it visible so it can act as a default gateway
to all segments of a subnet that are bridged together, HOW DOES ONE DO IT?

I can't ifconfig the rl1 interface with an IP on the same subnet unless it's
a /32, and that accomplishes nothing (the IP packets are addressed to the
IP address assigned to em0).  Bridging SHOULD just bridge, so traffic to
the BSD box's em0 IP should come in on rl1 and be processed by the host.

Somehow the bridging code knows the MAC addresses on the segment #2 side of
things (rl1), since it passes traffic between the two segments just fine.
But the kernel's ARP table is totally ignorant.  It can't find those hosts.


REQUEST FOR HELP:
-----------------

Thanks in advance for all help, pointers, etc.  If there's not a way to do
this, then this sounds like an issue that should be added to the BUGS section
of the bridge(4) man page.

Aaron out.