Mike Sweetser - Adhost wrote:
> Hello,
> I'm attempting to set up a transparent bridge in FreeBSD 7.0 to
> eventually act as a PF/Snort box, and it needs to be VLAN aware.
> However, I don't seem to be on the right track as far as setting it up.
> I have, for instance, VLAN 10 that it needs to be aware of, and this
> network segment is on VLAN 10 from a switch higher up. I have the
> current setup, but once it's running, I can't ping anything. bge0 is
> the outside interface, bge1 is inside:
> defaultrouter=192.168.1.1
> gateway_enable=YES
> cloned_interfaces=bridge0 vlan0 vlan1
> ifconfig_vlan0=vlan 10 vlandev bge0
> ifconfig_vlan1=vlan 10 vlandev bge1
> ifconfig_bridge0=inet 192.168.1.10 netmask 255.255.0.0 addm bge0 addm bge1 addm vlan0 addm vlan1 up
> ifconfig_bge0=up
> ifconfig_bge1=up
> What am I doing wrong?
I'm pretty sure you *don't* want to bridge the interfaces with their
parents (vlan0 shouldn't be bridged with bge0 -- if it even works, it
would cause tagged packets to be untagged and retransmitted out the
incoming interface (what Cisco calls the native VLAN) and vice versa).
I've only bridged vlan interfaces -- not their parents. E.g.:
cloned_interfaces=bridge0 vlan190 vlan590
ifconfig_bge0=up
ifconfig_vlan190=vlan 190 vlandev bge1
ifconfig_vlan590=vlan 590 vlandev bge1
ifconfig_bridge0=addm vlan190 addm vlan590
If you want to bridge the parents, I think it would look like this
(YMMV):
cloned_interfaces=bridge0 vlan10
ifconfig_bge0=up
ifconfig_bge1=up
ifconfig_bridge0=addm bge0 addm bge1
ifconfig_vlan10=vlan 10 vlandev bridge0
I don't know how well if_bridge(4) copes with vlan tags -- I know it
breaks if you bridge a vlan(4) with a gif(4). I also don't know if a
vlan interface will happily accept a bridge parent.
--
Chris Cowart
Network Technical Lead
Network Infrastructure Services, RSSP-IT
UC Berkeley
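An added check, not part of the thread or of FreeBSD, that lints an rc.conf fragment for the configuration the reply warns against: a vlan(4) interface added to the same bridge as its own vlandev parent. The two sample rc.conf files are constructed from the thread's configurations (the original poster's, with the wrapped ifconfig_bridge0 line joined, and the reply's vlan-only bridge).

```shell
#!/bin/sh
# Constructed helper: report vlanN interfaces that share a bridge with their own
# parent (vlandev) interface.  Prints one line per offending pair and returns 1 if
# any were found, 0 otherwise.  Only the rc.conf keys used in the thread are parsed
# (ifconfig_vlanN, ifconfig_bridgeN); double quotes around values are stripped.
check_bridge_rcconf() {
    awk '
    function value(line,  kv) { split(line, kv, "="); gsub(/"/, "", kv[2]); return kv[2] }
    function ifname(line, kv) { split(line, kv, "="); return substr(kv[1], 10) } # drop "ifconfig_"
    /^ifconfig_vlan[0-9]+=/ {          # remember vlanN -> parent from "vlandev <parent>"
        n = split(value($0), w, " ")
        for (i = 1; i < n; i++) if (w[i] == "vlandev") parent[ifname($0)] = w[i + 1]
    }
    /^ifconfig_bridge[0-9]+=/ {        # remember (bridgeN, member) for every "addm <member>"
        n = split(value($0), w, " ")
        for (i = 1; i < n; i++) if (w[i] == "addm") member[ifname($0), w[i + 1]] = 1
    }
    END {
        bad = 0
        for (key in member) {
            split(key, p, SUBSEP)      # p[1] = bridge, p[2] = member interface
            if ((p[2] in parent) && ((p[1], parent[p[2]]) in member)) {
                printf "%s: %s is bridged together with its parent %s\n", p[1], p[2], parent[p[2]]
                bad = 1
            }
        }
        exit bad
    }' "$1"
}
# Constructed sample: the original poster's configuration (wrapped line joined).
bad_cfg=$(mktemp) || exit 1
cat > "$bad_cfg" <<'EOF'
cloned_interfaces="bridge0 vlan0 vlan1"
ifconfig_vlan0="vlan 10 vlandev bge0"
ifconfig_vlan1="vlan 10 vlandev bge1"
ifconfig_bridge0="inet 192.168.1.10 netmask 255.255.0.0 addm bge0 addm bge1 addm vlan0 addm vlan1 up"
EOF
# Constructed sample: the reply's vlan-only bridge, which should pass.
good_cfg=$(mktemp) || exit 1
cat > "$good_cfg" <<'EOF'
cloned_interfaces="bridge0 vlan190 vlan590"
ifconfig_bge0="up"
ifconfig_vlan190="vlan 190 vlandev bge1"
ifconfig_vlan590="vlan 590 vlandev bge1"
ifconfig_bridge0="addm vlan190 addm vlan590"
EOF
check_bridge_rcconf "$bad_cfg" || echo "bad_cfg: problems found (exit $?)"
check_bridge_rcconf "$good_cfg" && echo "good_cfg: clean"
```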