It works. Just after rebooting all included stuff it started to work - kind of "magic". Sorry for sending my mess and thanks.

Tomasz

On Fri, 11 Mar 2022, 10:28, Łukasz Moskała <l...@lukaszmoskala.pl> wrote:

> On 11.03.2022 at 10:20, T K wrote:
> > Hi list
> > Please forgive me my incompetence, but I have no further idea
> > how to manage setup I try to arrange.
> > I have Fujitsu Futro box with 2 ethernet cards, OpenBSD 7.0.
> > I would like to set that box up as a filtering bridge.
> > I guess it is quite common schema:
> > Lan boxes(windows) ----> network switch----><re0-BRIDGE-bge0->---->network switch---->host1,host2,host3 etc.
> > Config is made according to manuals, the book of pf and so on:
> > /etc/hostname.bridge0: add re0 add bge0 blocknonip re0 blocknonip em0
> > /etc/hostname.re0: up; /etc/hostname.bge0: up.
> > I also set sysctl.net.inet.ip.forwarding=1, as if it was necessary for NAT
> > purposes.
> > Both bridged segments are 10.0.1.0/24 subnets, any blocking/firewalling
> > rules on hosts turned off.
> > If I understand the idea of a bridge whole traffic should be visible on
> > both interfaces of it.
> > I believe the traffic from the "lan-side" reaching my bridge on re0 should
> > be visible on bge0 at the "host" side and the same backwards. As if it was
> > another switch in stack.
> > For testing purposes at the very beginning I set pf.conf: "set skip on { re0
> > bge0 lo0 }".
> > When I tried to ping "host3" from "lan box" I got "host is down"
> > Then I tried to ping stuff with pf disabled - no success. Same (no)effect
> > with pass rules on both re0 and bge0. Finally started network without
> > "blocknonip" option in hostname.bridge0, and tried all pf combinations
> > mentioned above. Still nothing, I get ICMP answers only from "lan boxes"
> > connected to switch on "lan" side of the bridge but nothing gets "through" to
> > the "host" side.
> > Please tell me what am I missing/misunderstanding...?
> > Thanks
> > Tomasz
>
> Hi Tomasz,
>
> > /etc/hostname.bridge0: add re0 add bge0 blocknonip re0 blocknonip em0
>
> I don't know if it's a typo in email, but you got em0 here
>
> Is bridge0 actually up? Start by trying ifconfig bridge0 up
> Does tcpdump -ni bridge0 show anything?
>
> Also, please post full output of ifconfig
>
> Best regards
> --
> Łukasz Moskała
>
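
A configuration check for the two things the reply above asks about (the `em0` that is not a bridge member, and whether bridge0 is brought up), as an added example that is not part of the original thread. The function name `check_bridge_conf` is hypothetical, the "corrected" line is a constructed sample, and only the keywords that appear in the thread (`add`, `blocknonip`, `up`) are handled.

```shell
#!/bin/sh
# Lint the text of an /etc/hostname.bridge0 file (added example).
# Prints one line per finding and nothing when the config looks consistent.

check_bridge_conf() {
    conf=$1
    members=""
    saw_up=0

    # Pass 1: every token that follows "add" is a bridge member.
    prev=""
    for tok in $conf; do            # unquoted on purpose: split on whitespace
        [ "$prev" = "add" ] && members="$members $tok"
        [ "$tok" = "up" ] && saw_up=1
        prev=$tok
    done

    # Pass 2: every interface named by "blocknonip" must be a member.
    prev=""
    for tok in $conf; do
        if [ "$prev" = "blocknonip" ]; then
            case " $members " in
                *" $tok "*) ;;      # known member, nothing to report
                *) echo "blocknonip $tok: $tok is not a bridge member (members:$members)" ;;
            esac
        fi
        prev=$tok
    done

    # The reply asks whether bridge0 is actually up; flag a config without "up".
    [ "$saw_up" -eq 1 ] || echo "no 'up' keyword found: check that bridge0 is up (ifconfig bridge0 up)"
    return 0
}

# Config as posted in the thread.
posted='add re0 add bge0 blocknonip re0 blocknonip em0'
# Constructed sample: what a consistent file could look like (assumption).
fixed='add re0 add bge0 blocknonip re0 blocknonip bge0 up'

echo "as posted:"
check_bridge_conf "$posted"
echo "constructed correction:"
check_bridge_conf "$fixed"
```

On a live system the same check can be fed the real file with `check_bridge_conf "$(cat /etc/hostname.bridge0)"`.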