RE: no response on unnumbered bridged interface?

2003-09-02 Thread Aled Treharne


 -Original Message-
 From: Micheal Patterson [mailto:[EMAIL PROTECTED]
 Sent: 01 September 2003 23:49
 To: Aled Treharne; [EMAIL PROTECTED]
 Subject: Re: no response on unnumbered bridged interface?
[SNIP]
 Is the system configured to forward packets? Assuming that 5.x has the
 following variables available (I still run 4.8 here), try:
 
 sysctl -a |grep forwarding
 
 You should see net.inet.ip.forwarding: 1. If it's 0, then your system
 won't pass traffic between the interfaces.

You're right, it won't. *sigh* But it does now.

Thanks for that. I can't believe I missed that one out. There ends a
weekend of pissing around (all hardware sucks). :)

Now to see if I can trim down my ruleset a little bit.

Cheers,
Aled.


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


no response on unnumbered bridged interface?

2003-09-01 Thread Aled Treharne
Hi guys.

I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
hardware isn't particularly new, but it's been quite happily trudging
along for the past few years using 4.something. However, with 5.1, I've
found weirdness and I wanted to check to see if this is expected
behaviour or not.

The machine has two 3C509's ep0 (external) and ep1 (internal). Ep0 is
numbered and the following sysctl variables set:

net.link.ether.bridge_cfg=ep0,ep1
net.link.ether.bridge_ipfw=1
net.link.ether.bridge=1

Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in
the kernel), and I can ping back and forth without any problem. However,
if I try and access the bridge from a machine connected to the switch on
the inside interface, it doesn't respond. tcpdump on the box shows ECHO
request packets, I see ARP traffic (and the inside machine has the
correct MAC address), but I see no echo responses. This is a problem,
since I'd like to admin this box from inside my network. :) I also
wouldn't mind the box seeing the internal network...

I can't see anything wrong with what I've got, and there's nothing in
the docs about this problem. I also experienced this problem with an
Intel EtherExpress Pro I had in there as the internal interface, and
both the ep1 card and the Intel NIC have worked in other boxes.

Has anyone got any ideas on what's going on here? As far as I can tell,
the config is identical to my previous installation...

Cheers,
Aled.



Re: no response on unnumbered bridged interface?

2003-09-01 Thread Micheal Patterson

- Original Message - 
From: Aled Treharne [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 01, 2003 5:12 PM
Subject: no response on unnumbered bridged interface?


 Hi guys.

 I've just upgraded (aka reinstalled) my firewall up to 5.1-RELEASE. The
 hardware isn't particularly new, but it's been quite happily trudging
 along for the past few years using 4.something. However, with 5.1, I've
 found weirdness and I wanted to check to see if this is expected
 behaviour or not.

 The machine has two 3C509's ep0 (external) and ep1 (internal). Ep0 is
 numbered and the following sysctl variables set:

 net.link.ether.bridge_cfg=ep0,ep1
 net.link.ether.bridge_ipfw=1
 net.link.ether.bridge=1

 Now it bridges quite happily (I have IPFIREWALL_DEFAULT_ACCEPT set in
 the kernel), and I can ping back and forth without any problem. However,
 if I try and access the bridge from a machine connected to the switch on
 the inside interface, it doesn't respond. tcpdump on the box shows ECHO
 request packets, I see ARP traffic (and the inside machine has the
 correct MAC address), but I see no echo responses. This is a problem,
 since I'd like to admin this box from inside my network. :) I also
 wouldn't mind the box seeing the internal network...

 I can't see anything wrong with what I've got, and there's nothing in
 the docs about this problem. I also experienced this problem with an
 Intel EtherExpress Pro I had in there as the internal interface, and
 both the ep1 card and the Intel NIC have worked in other boxes.

 Has anyone got any ideas on what's going on here? As far as I can tell,
 the config is identical to my previous installation...

 Cheers,
 Aled.

Is the system configured to forward packets? Assuming that 5.x has the
following variables available (I still run 4.8 here), try:

sysctl -a |grep forwarding

You should see net.inet.ip.forwarding: 1. If it's 0, then your system
won't pass traffic between the interfaces.


--

Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600
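
Added example (not part of the original thread): the sysctl check suggested
above, extended to the three bridge variables from the original post. The
function names and the sample input are constructed for illustration; on a
live box, feed it `sysctl -a` instead of the sample.

```sh
#!/bin/sh
# Audits "name: value" lines (the format `sysctl -a` prints) for the
# variables discussed in this thread.

# get_var NAME: print NAME's value from the saved dump, or nothing if absent.
get_var() {
    printf '%s\n' "$SYSCTL_DUMP" |
        awk -F': ' -v k="$1" '$1 == k { print $2; exit }'
}

# audit_bridge IFACE...: read a sysctl dump on stdin, print one finding per
# line. No output means every check passed.
audit_bridge() {
    SYSCTL_DUMP=$(cat)
    for name in net.inet.ip.forwarding net.link.ether.bridge \
                net.link.ether.bridge_ipfw; do
        val=$(get_var "$name")
        case "$val" in
            1)  ;;                          # enabled
            "") echo "MISSING $name" ;;     # variable not present at all
            *)  echo "OFF $name=$val" ;;
        esac
    done
    # bridge_cfg is a comma-separated interface list; tolerate an optional
    # ":N" suffix on each entry by stripping it before matching.
    cfg=$(get_var net.link.ether.bridge_cfg | sed 's/:[0-9]*//g')
    for ifc in "$@"; do
        case ",$cfg," in
            *",$ifc,"*) ;;
            *) echo "NOT_BRIDGED $ifc" ;;
        esac
    done
    return 0
}

# Constructed sample: the state before the fix reported in the thread.
SAMPLE_BEFORE='net.inet.ip.forwarding: 0
net.link.ether.bridge_cfg: ep0,ep1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge: 1'

printf '%s\n' "$SAMPLE_BEFORE" | audit_bridge ep0 ep1
```

On a firewall, run it after every reinstall or upgrade, since these values
live in /etc/sysctl.conf or rc.conf and are easy to lose.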

