Bruce A. Mah wrote:

You didn't say which bridging driver or version of FreeBSD you're using,
but it sounds to me like you're using bridge(4), right?

Yes.



This is a
fairly well known problem, which I wrote a little bit about here:

http://lists.freebsd.org/pipermail/freebsd-net/2004-December/006075.html

(This message describes a scenario with ipf, but it applies equally well
I think to ipfw.)

Read that.
So I guess my analysis was wrong in that I thought natd was not reconverting packets; from what you say I understand the problem is that these packets are not diverted to natd, right?
The details are right now beyond my understanding...



If you can, try switching to using if_bridge(4).

I cannot right now, since I have to wait to be physically at this box, but I could try in the future. Do you see any drawback?



You (probably) want to
assign the public NAT address to the bridge0 interface, and leave the
physical interfaces making up the bridges (xl0 and rl1 in your case)
unnumbered.  I've had good experiences with this type of configuration.

Ok.
So I would only need to:
  - create the bridge0 interface as per the man page
  - sysctl net.link.bridge.ipfw=1
  - sysctl net.link.bridge.pfil_onlyip=0
  - change every reference to rl1 in my ipfw ruleset to bridge0

Anything else?
Would everything work the same as now (apart from this "feature" which is causing me troubles)?



 bye & Thanks a lot
        av.
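As an added illustration of the migration steps listed above (this is not code from the thread or from FreeBSD itself), the script below emits the rc.conf and sysctl.conf fragments for an if_bridge(4) setup where bridge0 carries the NAT address and xl0/rl1 stay unnumbered, rewrites a constructed sample ipfw ruleset from rl1 to bridge0, and checks that no rl1 reference survives and that the natd divert rule now matches on bridge0. The address 203.0.113.2/24, the rule numbers and the sample rules are placeholders; the script only generates text and runs no FreeBSD commands.

```shell
#!/bin/sh
# Added example, not from the thread. Generates configuration text only.

# Constructed sample of an existing ruleset that filters on the member
# interface rl1 (stands in for the real /etc/ipfw.rules).
OLD_RULES='add 100 divert natd ip from any to any via rl1
add 200 check-state
add 300 allow tcp from any to any out via rl1 setup keep-state
add 400 allow tcp from any to any 22 in via rl1
add 500 allow udp from any 53 to any in recv rl1
add 65000 deny log ip from any to any'

# rc.conf fragment: bridge0 gets the public NAT address and the member
# interfaces, xl0 and rl1 are brought up without addresses, natd binds
# to bridge0. 203.0.113.2/24 is a placeholder address.
rc_conf_fragment() {
  cat <<'EOF'
cloned_interfaces="bridge0"
ifconfig_bridge0="inet 203.0.113.2/24 addm xl0 addm rl1 up"
ifconfig_xl0="up"
ifconfig_rl1="up"
firewall_enable="YES"
natd_enable="YES"
natd_interface="bridge0"
EOF
}

# sysctl.conf fragment: the two settings named in the reply.
sysctl_fragment() {
  printf 'net.link.bridge.ipfw=1\nnet.link.bridge.pfil_onlyip=0\n'
}

# Rewrite interface references rl1 -> bridge0 in rule text read from stdin.
# rl1 is matched as a whole token so a name such as rl10 is left untouched.
rewrite_rules() {
  sed -E 's/(^|[^[:alnum:]_])rl1([^[:alnum:]_]|$)/\1bridge0\2/g'
}

# Check a ruleset read from stdin: fail if any rule still names rl1,
# succeed only if the natd divert rule matches on bridge0.
check_rules() {
  rules=$(cat)
  printf '%s\n' "$rules" | grep -Eq '(^|[^[:alnum:]_])rl1([^[:alnum:]_]|$)' && return 1
  printf '%s\n' "$rules" | grep -Eq '^add [0-9]+ divert natd .* via bridge0$'
}

NEW_RULES=$(printf '%s\n' "$OLD_RULES" | rewrite_rules)
```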
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"