Re: [pfSense] Arp no-proxy with pfSense 2.0.2 and bridge

Thu, 31 Jan 2013 23:47:54 -0800 

You need to enter a static entry on the bridge as well.
This cannot be done from GUI currectly.

The bridge maintains its own arp table for forwarding that is why the
requirment.


On Thu, Jan 31, 2013 at 10:21 AM, Mihály Árva-Tóth <
[email protected]> wrote:

> Hello,
>
> I'm sorry my bad English. I've got a firewall with following topology:
>
> - VLAN_20 - 192.168.20.1/24
> - VLAN_30 - 192.168.30.1/24
> - BR_VLAN0 - (no ip only enabled)
>
> The bridge contains both VLAN_20 and VLAN_30.
>
> There is a notebook behind VLAN_30 (IP: 192.168.30.10). I'm pinging from
> this notebook to 192.168.30.5 (a non existent IP). This generate  ARP
> broadcast requests.
>
> 10:08:55.572459 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
> (0x8100), length 64: vlan 30, p 0, ethertype ARP, Request who-has
> 192.168.30.5 tell 192.168.30.10, length 46
> 10:08:55.572481 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
> (0x8100), length 64: vlan 20, p 0, ethertype ARP, Request who-has
> 192.168.30.5 tell 192.168.30.10, length 46
> 10:08:56.573096 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
> (0x8100), length 64: vlan 30, p 0, ethertype ARP, Request who-has
> 192.168.30.5 tell 192.168.30.10, length 46
> 10:08:56.573117 00:16:36:94:a9:93 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
> (0x8100), length 64: vlan 20, p 0, ethertype ARP, Request who-has
> 192.168.30.5 tell 192.168.30.10, length 46
>
> I would like to these ARP packets do not go to VLAN_20, because is sure
> there is not the end destination.
>
> I'm trying with choparp the following command:
>
> choparp nfe0_vlan20 00:1a:92:c9:18:6d -192.168.30.0/24
>
> But doesn't work. Is there any solution or forget it? (The bridge is
> necessary for other reasons.)
>
> Thank you,
> Regards
> Mihaly
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
>


-- 
Ermal

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list

Reply via email to