I'm still having problems with my bridge.
Now I have found more information about my problem:

I can connect to the webserver located in the fxp1 local network from the internet (fxp0).
But when I wait a while, and try to reload the page, the packet filter blocks the packet
because it wants to go through rl1. It has to go to fxp1, so the bridge didn't send it to
the proper interface. It is also _not_ possible that the webserver can be reached from rl1.

I do not know if this is a problem with my bridge configuration or the packet filter.
It works when pf is disabled.

Is it possible that my problem will get solved when:
 * assigning static mac addresses to all interfaces
 * changing something I did wrong when configuring my bridge ( like timeouts )

I tried _a_ _lot_ of different pf.conf's, every configuration I tried failed.


Something that just occurred to me:

`man bridge` told me:
        "If the bridge has no knowledge about where the destination is to be found,
         the bridge will forward the frame to all attached segments."

Will this produce a problem? When it's sent to every other interface, pf will get the
packet twice, _but_ it will block the 'illegal' one (the one to rl1) and will return a
packet with the R flag set (Reset)? So the connection gets refused because of that
'illegal' packet?


#### pf.conf file: 
http://dakin.be/~gryp/tmp/pf.conf2

#### Bridge configuration:
It's a 3-interface bridge: one internet interface and two local networks.

local fxp1 ---|
              |--- fxp0 internet
local  rl1 ---|

#### output of `brconfig bridge0`:
bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 20
        Interfaces:
                rl1 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                        port 3 ifpriority 128 ifcost 55
                fxp1 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                        port 5 ifpriority 128 ifcost 55
                fxp0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
                        port 2 ifpriority 128 ifcost 55
        Addresses (max cache: 100, timeout: 240):
                00:50:bf:7c:b0:e7 fxp1 1 flags=0<>
                00:30:94:fd:fd:9a fxp0 1 flags=0<>
                00:0a:cd:02:25:22 fxp1 0 flags=0<>
                00:01:02:ae:fc:6f rl1 0 flags=0<>
                00:50:bf:71:39:7c fxp1 1 flags=0<>
                00:e0:7d:90:34:6d rl1 1 flags=0<>
                00:50:bf:71:39:65 fxp1 0 flags=0<>
                00:a0:cc:d2:3b:c7 rl1 0 flags=0<>
                00:c0:4f:17:ea:40 rl1 1 flags=0<>
                00:00:f8:76:5b:38 fxp1 1 flags=0<>
                00:30:94:fd:fc:b6 rl1 1 flags=0<>
                00:40:f4:1e:12:c1 fxp1 1 flags=0<>
                00:10:5a:67:f6:4a rl1 1 flags=0<>
                00:00:e8:6b:4f:20 rl1 1 flags=0<>
                00:20:6f:0b:5d:36 rl1 1 flags=0<>

Thanks in advance.

--
Kenny Gryp
http://gryp.dakin.be

Linux.be:                               http://www.linux.be
Anti Micro$oft Action Front:            http://www.amaf.be
Linux Usergroup West-Vlaanderen:        http://www.lugwv.be
College Linux User Group Torhout:       http://www.c-lugt.be
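
The flooding behaviour quoted from `man bridge` in the message above, as an added example that is not part of the original post: a simplified learning-bridge model (not OpenBSD's bridge code) showing which ports receive a frame before and after an address-cache entry ages out. The port names and the 240-second timeout come from the `brconfig` output in the post; the MAC addresses, timestamps and the `LearningBridge` and `demo` names are constructed for illustration.

```python
# Simplified model of a learning bridge with an aging address cache.
# Assumptions: MACs and timestamps are constructed sample values.
CACHE_TIMEOUT = 240  # seconds, from "timeout: 240" in the brconfig output


class LearningBridge:
    def __init__(self, ports, timeout=CACHE_TIMEOUT):
        self.ports = list(ports)
        self.timeout = timeout
        self.cache = {}  # MAC -> (port, time last seen as a source address)

    def forward(self, src, dst, in_port, now):
        """Return the list of ports the frame is sent out of."""
        # Age out entries that were not refreshed within the timeout.
        self.cache = {mac: (port, seen) for mac, (port, seen)
                      in self.cache.items() if now - seen < self.timeout}
        self.cache[src] = (in_port, now)  # learn or refresh the source
        if dst in self.cache:
            out_port = self.cache[dst][0]
            return [] if out_port == in_port else [out_port]
        # Unknown destination: flood to every other attached segment.
        return [p for p in self.ports if p != in_port]


def demo():
    client = "02:00:00:00:00:01"     # constructed: host reached via fxp0
    webserver = "02:00:00:00:00:02"  # constructed: host on the fxp1 segment
    bridge = LearningBridge(["fxp0", "fxp1", "rl1"])
    results = {}
    # t=0: first request, webserver not yet learned, so the frame is flooded.
    results["first"] = bridge.forward(client, webserver, "fxp0", now=0)
    # t=1: the webserver replies and the bridge learns it sits on fxp1.
    results["reply"] = bridge.forward(webserver, client, "fxp1", now=1)
    # t=10: reload while the entry is fresh, only fxp1 gets the frame.
    results["fresh"] = bridge.forward(client, webserver, "fxp0", now=10)
    # t=300: reload after the entry aged out, the frame is flooded again,
    # so a filter rule bound to rl1 is evaluated against a copy as well.
    results["stale"] = bridge.forward(client, webserver, "fxp0", now=300)
    return results


if __name__ == "__main__":
    for step, ports in demo().items():
        print(step, ports)
```

Whether the copy seen on rl1 is answered with a reset depends on the rules in pf.conf, which the model does not cover.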
