On 10/23/05, Thomas <[EMAIL PROTECTED]> wrote: > Took me a while to test this, especially since I had to recover from 0.89, > which stopped my box from booting (complaining about a parse error in > dyndns.class). > > Not quite there yet, so here's brain food for the gurus (as I've pointed out > before, I'm rather new to BSD, coming from the Wintel world). First of all, > thanks for the modules, Scott. I've later worked out that ng_ether and > ng_iface are already in the kernel, so that only ng_eiface was actually > required. > > I've managed to get the virtual interfaces up and bridged using netgraph, > individual MAC addresses and all (don't forget to disable ARP messages or > they'll drive you nuts, as you now have multiple interfaces sharing a > network). BUT, it doesn't work. It's as if something was stopping "traffic > crossing the bridge", even though I don't see an entry in the FW log > (default rule). > > If I test the same on a Freesbie 1.1 box (FreeBSD 5.3), all works fine > (well, at least the DHCP server sees the different MAC addresses requesting > leases and issues them accordingly, I'll blame the fact that the IP address > isn't always contained in the ifconfig output to a "feature"/bug in 5.3s > dhclient). > > There's probably a very easy way to fix this, but I doubt I'll figure it out > myself :-) > > Thanks > Thomas
Depending on what interface names the eiface interfaces come up as try adding: pass on $eiface any somewhere above the fallthru deny in /tmp/rules.debug and then do a pfctl -f /tmp/rules.debug to reload it. Alternately if you don't mind losing filtering for the purpose of testing to make sure it's not pf (and just not getting logged) try: pfctl -d which will disable filtering pfctl -e will re-enable when done. The fact that this does work in FreeSBIE makes me suspect pfctl. Also, ohhhh...thought just came to mind, the traffic might be getting NAT'd to the physical IPs address - all the more reason to disable PF for the test :) --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
