Hello, I'm sorry my bad English. I've got a firewall with following topology:
- VLAN_20 - 192.168.20.1/24 - VLAN_30 - 192.168.30.1/24 - BR_VLAN0 - (no ip only enabled) The bridge contains both VLAN_20 and VLAN_30. There is a notebook behind VLAN_30 (IP: 192.168.30.10). I'm pinging from this notebook to 192.168.30.5 (a non existent IP). This generate ARP broadcast requests. 10:08:55.572459 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 30, p 0, ethertype ARP, Request who-has 192.168.30.5 tell 192.168.30.10, length 46 10:08:55.572481 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 20, p 0, ethertype ARP, Request who-has 192.168.30.5 tell 192.168.30.10, length 46 10:08:56.573096 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 30, p 0, ethertype ARP, Request who-has 192.168.30.5 tell 192.168.30.10, length 46 10:08:56.573117 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 20, p 0, ethertype ARP, Request who-has 192.168.30.5 tell 192.168.30.10, length 46 I would like to these ARP packets do not go to VLAN_20, because is sure there is not the end destination. I'm trying with choparp the following command: choparp nfe0_vlan20 00:1a:92:c9:18:6d -192.168.30.0/24 But doesn't work. Is there any solution or forget it? (The bridge is necessary for other reasons.) Thank you, Regards Mihaly
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
