Hi all,
I have set up a bridge between two interfaces in a pair of OpenBSD fws.
This bridge needs to use an IP address and a carp interface to act as a
gateway for two physical nets using the same network range, but it doesn't
work.
My config:
/etc/hostname.em6
up
/etc/hostname.em7
inet 172.25.60.1 255.255.255.240
/etc/hostname.bridge0
add em6 add em7 -blocknonip em6 -blocknonip em7 -stp em6 -stp em7
fwddelay 4 up
and my pf rules are simple:
pass in quick on em6 all
pass out quick on em6 all
block in on em7 all
block out on em7 all
pass in quick on em7 proto tcp from any to any port 80 \
flags S/SA keep state
and pfctl -vvsr:
@2 pass in quick on em6 all flags S/SA keep state
@3 pass out quick on em6 all flags S/SA keep state
@4 block drop in log quick on ! lo0 inet6 from ::1 to any
@5 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any
@6 block drop in log quick on ! em0 inet from 172.25.50.0/27 to any
@7 block drop in log quick inet from 172.25.50.3 to any prio 0
@8 block drop in log quick on em0 inet6 from fe80::250:56ff:fe2a:ac29 to any prio 0
@9 block drop in log quick on ! em1 inet from 172.25.80.0/28 to any
@10 block drop in log quick inet from 172.25.80.1 to any prio 0
@11 block drop in log quick on em1 inet6 from fe80::250:56ff:fe38:9a33 to any prio 0
@12 block drop in log quick on ! em7 inet from 172.25.60.0/28 to any
@13 block drop in log quick inet from 172.25.60.1 to any prio 0
@14 block drop in log quick on em7 inet6 from fe80::250:56ff:fe16:8fb1 to any prio 0
@15 block drop quick inet6 all
I can see how packets flow via the em7 interface but not on em6, and on em6
they are blocked by rule 13 (antispoof rule)...
What am I doing wrong?
--
CL Martinez
carlopmart {at} gmail {d0t} com
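As an added check, not part of the post above, here is a small script that reads a hostname.bridgeN line and pfctl -vvsr output and flags antispoof-generated rules ("block in on ! IF from NET") whose interface is a bridge member, since packets from NET arriving on the other members of that bridge will match such a rule. The bridge line and the rule lines are constructed from the post; antispoof_matches() only consults those rules, not the rest of the ruleset order.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample input, taken from the post's /etc/hostname.bridge0 and pfctl -vvsr.
BRIDGE_CONF = "add em6 add em7 -blocknonip em6 -blocknonip em7 -stp em6 -stp em7 fwddelay 4 up"
PFCTL_RULES = """\
@2 pass in quick on em6 all flags S/SA keep state
@3 pass out quick on em6 all flags S/SA keep state
@6 block drop in log quick on ! em0 inet from 172.25.50.0/27 to any
@12 block drop in log quick on ! em7 inet from 172.25.60.0/28 to any
@13 block drop in log quick inet from 172.25.60.1 to any prio 0
"""

# Shape of the per-interface rule that 'antispoof for IF' expands to.
ANTISPOOF_RE = re.compile(r"^@(\d+) block .*\bon ! (\S+) inet from (\S+) to any")


def bridge_members(conf: str) -> set[str]:
    """Interfaces named after 'add' in a hostname.bridgeN line."""
    return set(re.findall(r"\badd (\S+)", conf))


def find_antispoof_conflicts(rules: str, members: set[str]) -> list[dict]:
    """Antispoof rules bound to a bridge member.  Every other member of the
    same bridge will see NET traffic matched (and dropped) by that rule."""
    hits = []
    for line in rules.splitlines():
        m = ANTISPOOF_RE.match(line)
        if not m:
            continue
        rule_no, iface, net = m.groups()
        if iface not in members:
            continue
        hits.append({
            "rule": int(rule_no),
            "iface": iface,
            "net": ip_network(net, strict=False),
            "affected": sorted(members - {iface}),
        })
    return hits


def antispoof_matches(hits: list[dict], in_iface: str, src: str) -> list[int]:
    """Rule numbers among the flagged antispoof rules that a packet with
    source 'src' entering 'in_iface' would match."""
    a = ip_address(src)
    return [h["rule"] for h in hits if in_iface != h["iface"] and a in h["net"]]


if __name__ == "__main__":
    for h in find_antispoof_conflicts(PFCTL_RULES, bridge_members(BRIDGE_CONF)):
        print(f"rule @{h['rule']}: {h['net']} via {h['affected']} hits antispoof for {h['iface']}")
```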