>I don't know if it's a typo in the email, but you got em0 here
Hi Łukasz, em0 was of course a typo.
>Is bridge0 actually up? Start by trying ifconfig bridge0 up
I suspect it is, according to ifconfig -A output.
>Does tcpdump -ni bridge0 show anything?
Yes, lots of stuff, actually.
>Also, please post full output of ifconfig
ifconfig -A:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        index 3 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
re0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 4c:52:62:12:0f:a4
        index 1 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
enc0: flags=0<>
        index 2 priority 0 llprio 3
        groups: enc
        status: active
bge0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:b6:1c:b2:3d
        index 4 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
bridge0: flags=41<UP,RUNNING>
        index 5 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        re0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                port 1 ifpriority 0 ifcost 0
        bge0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                port 4 ifpriority 0 ifcost 0
        Addresses (max cache: 100, timeout: 240):
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 6 priority 0 llprio 3
        groups: pflog
ping from the Windows host (10.0.1.27), output:
C:\Users\tomasz>ping 10.0.1.11
Pinging 10.0.1.11 with 32 bytes of data:
Reply from 10.0.1.27: Destination host unreachable.
Reply from 10.0.1.27: Destination host unreachable.
Reply from 10.0.1.27: Destination host unreachable.
Reply from 10.0.1.27: Destination host unreachable.
Ping statistics for 10.0.1.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Regards
Tomasz
Fri, 11 Mar 2022 at 10:28 Łukasz Moskała <[email protected]> wrote:
> On 11.03.2022 at 10:20, T K wrote:
> > Hi list
> > Please forgive me my incompetence, but I have no further idea
> > how to manage setup I try to arrange.
> > I have a Fujitsu Futro box with 2 ethernet cards, OpenBSD 7.0.
> > I would like to set that box up as a filtering bridge.
> > I guess it is quite common schema:
> > Lan boxes(windows) ----> network switch----><re0-BRIDGE-bge0->---->network switch---->host1,host2,host3 etc.
> > Config is made according to manuals, the book of pf and so on:
> > /etc/hostname.bridge0: add re0 add bge0 blocknonip re0 blocknonip em0
> > /etc/hostname.re0: up; /etc/hostname.bge0: up.
> > I also set sysctl.net.inet.ip.forwarding=1, as if it was necessary for NAT
> > purposes.
> > Both bridged segments are 10.0.1.0/24 subnets, any blocking/firewalling
> > rules on hosts turned off.
> > If I understand the idea of a bridge whole traffic should be visible on
> > both interfaces of it.
> > I believe the traffic from the "lan-side" reaching my bridge on re0 should
> > be visible on bge0 at the "host" side and the same backwards. As if it was
> > another switch in stack.
> > For testing purposes at the very beginning I set pf.conf: "set skip on {
> > re0 bge0 lo0 }".
> > When I tried to ping "host3" from "lan box" I got "host is down"
> > Then I tried to ping stuff with pf disabled - no success. Same (no) effect
> > with pass rules on both re0 and bge0. Finally started network without
> > "blocknonip" option in hostname.bridge0, and tried all pf combinations
> > mentioned above. Still nothing, I get ICMP answers only from "lan boxes"
> > connected to switch on "lan" side of the bridge but nothing gets "through"
> > to the "host" side.
> > Please tell me what am I missing/misunderstanding...?
> > Thanks
> > Tomasz
>
> Hi Tomasz,
>
> > /etc/hostname.bridge0: add re0 add bge0 blocknonip re0 blocknonip em0
>
> I don't know if it's a typo in the email, but you got em0 here
>
> Is bridge0 actually up? Start by trying ifconfig bridge0 up
> Does tcpdump -ni bridge0 show anything?
>
> Also, please post full output of ifconfig
>
> Best regards
> --
> Łukasz Moskała
>
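The checks Łukasz asks for (is bridge0 up, are both members attached, has anything been learned) can be scripted against saved ifconfig output. The following is an added example, not code from this thread or from OpenBSD: it embeds the ifconfig -A output Tomasz posted as a constructed sample (indentation as spaces, wrapped lines rejoined) so it runs offline, and parses only what ifconfig(8) prints for bridge(4) members and the address cache. The function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check an OpenBSD bridge(4) from
# saved `ifconfig -A` output. SAMPLE reproduces the output posted in the thread
# (constructed sample, wrapped lines rejoined); on the box itself, pipe live
# `ifconfig -A` output into check_bridge instead.

SAMPLE=$(cat <<'EOF'
re0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 4c:52:62:12:0f:a4
        index 1 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
enc0: flags=0<>
        index 2 priority 0 llprio 3
        groups: enc
        status: active
bge0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:b6:1c:b2:3d
        index 4 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
bridge0: flags=41<UP,RUNNING>
        index 5 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        re0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                port 1 ifpriority 0 ifcost 0
        bge0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                port 4 ifpriority 0 ifcost 0
        Addresses (max cache: 100, timeout: 240):
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 6 priority 0 llprio 3
        groups: pflog
EOF
)

# iface_flags IF: the <...> flag list from the interface's own header line.
iface_flags() {
    awk -v ifn="$1:" '$1 == ifn {
        f = $2; sub(/^flags=[0-9a-f]*</, "", f); sub(/>.*/, "", f); print f; exit }'
}

# bridge_section BRIDGE: only the lines of that bridge's ifconfig block.
bridge_section() {
    awk -v br="$1:" '$1 ~ /^[a-z]+[0-9]+:$/ { inbr = ($1 == br) } inbr { print }'
}

# bridge_members BRIDGE: member interfaces (the indented "re0 flags=..." lines).
bridge_members() {
    bridge_section "$1" | awk '$1 !~ /:/ && $2 ~ /^flags=/ { print $1 }'
}

# member_flags BRIDGE IF: per-member flags such as LEARNING or BLOCKNONIP.
member_flags() {
    bridge_section "$1" | awk -v m="$2" '$1 == m && $2 ~ /^flags=/ {
        f = $2; sub(/^flags=[0-9a-f]*</, "", f); sub(/>.*/, "", f); print f }'
}

# learned_addrs BRIDGE: number of MAC addresses listed in the address cache.
learned_addrs() {
    bridge_section "$1" |
        awk '$1 ~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/ { n++ } END { print n + 0 }'
}

# check_bridge BRIDGE: read ifconfig output on stdin, print findings,
# return 1 when something needs attention.
check_bridge() {
    br=$1; out=$(cat); rc=0
    case ",$(printf '%s\n' "$out" | iface_flags "$br")," in
        *,UP,*,RUNNING,*) echo "ok: $br is UP and RUNNING" ;;
        *) echo "warn: $br is not UP/RUNNING (try: ifconfig $br up)"; rc=1 ;;
    esac
    members=$(printf '%s\n' "$out" | bridge_members "$br")
    [ -n "$members" ] || { echo "warn: $br has no member interfaces"; rc=1; }
    for m in $members; do
        case ",$(printf '%s\n' "$out" | iface_flags "$m")," in
            *,UP,*,RUNNING,*) echo "ok: member $m is UP and RUNNING" ;;
            *) echo "warn: member $m is not UP/RUNNING"; rc=1 ;;
        esac
        case ",$(printf '%s\n' "$out" | member_flags "$br" "$m")," in
            *,BLOCKNONIP,*) echo "note: $m has blocknonip set; non-IP frames are not bridged" ;;
        esac
    done
    n=$(printf '%s\n' "$out" | learned_addrs "$br")
    if [ "$n" -eq 0 ]; then
        echo "warn: $br address cache is empty; no source MAC learned from any member yet"
        rc=1
    else
        echo "ok: $br has learned $n MAC addresses"
    fi
    return $rc
}

printf '%s\n' "$SAMPLE" | check_bridge bridge0 || echo "bridge0: problems found"
```

On the posted output the script reports the bridge and both members as UP and RUNNING, notes that blocknonip is set on each member, and flags the one thing worth looking at: the address cache under "Addresses" is empty, so the bridge has not learned a source MAC from either side even though tcpdump on bridge0 shows traffic.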