Hello everyone,

I have two machines with OBSD installed on them. Both will be firewalls filtering traffic from a DMZ. I need to avoid single points of failure, so the whole architecture is redundant. This is a simple diagram of my architecture:

       DMZ                      DMZ
        |                        |
       FW1 --------      --------FW2
        |          \    /        |
        |           \/           |
     switch1------      -------switch2
        |                        |
        ----------------internal network

Both OBSD machines will be used as firewalls running PF. I am creating a bridge in each firewall, creating a /etc/bridgename.bridge0 that contains:

    add vr0
    add vr1
    add msk0
    stp vr0 #I'm pretty sure this is done by default
    stp vr1
    stp msk0
    up

Both firewalls are connected to both switches. These are Dell 2816 with RSTP activated on all ports. From time to time I get loops, and traffic rises and collapses my testing network bandwidth. This indicates that Spanning Tree is badly configured, but I don't know what I'm missing. I don't know what to look for.

brconfig shows the bridges are running RSTP and the interfaces are in learning mode. The RSTP roles are automatically set and look correct. On the other side, my Dell switches have RSTP activated. Packet Filter is not activated yet.

Is there any way to find out what is going wrong here? Any pointers to good, up-to-date how-tos on bridge firewalling?

Thanks, regards

Miguel Araujo

