----- Original Message ----- 
From: "Aled Treharne" <[EMAIL PROTECTED]>
Sent: Monday, September 01, 2003 5:12 PM
Subject: no response on unnumbered bridged interface?

> Hi guys.
> I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
> hardware isn't particularly new, but it's been quite happily trudging
> along for the past few years using 4.something. However, with 5.1, I've
> found weirdness and I wanted to check to see if this is expected
> behaviour or not.
> The machine has two 3C509's ep0 (external) and ep1 (internal). Ep0 is
> numbered and the following sysctl variables set:
> net.link.ether.bridge_cfg="ep0,ep1"
> net.link.ether.bridge_ipfw=1
> net.link.ether.bridge=1
> Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in
> the kernel), and I can ping back and forth without any problem. However,
> if I try and access the bridge from a machine connected to the switch on
> the inside interface, it doesn't respond. Tcpdump on the box shows ECHO
> request packets, I see ARP traffic (and the inside machine has the
> correct MAC address), but I see no echo responses. This is a problem,
> since I'd like to admin this box from inside my network. :) I also
> wouldn't mind the box seeing the internal network...
> I can't see anything wrong with what I've got, and there's nothing in
> the docs about this problem. I also experienced this problem with an
> Intel EtherExpress Pro I had in there as the internal interface, and
> both the ep1 card and the Intel NIC have worked in other boxes.
> Has anyone got any ideas on what's going on here? As far as I can tell,
> the config is identical to my previous installation...
> Cheers,
> Aled.

Is the system configured to forward packets? Assuming that 5.x has the
following variables available (I still run 4.8 here), try:

sysctl -a |grep forwarding

You should see "net.inet.ip.forwarding: 1". If it's 0, then your system
won't pass traffic between the interfaces.


Micheal Patterson
Network Administration
Cancer Care Network
