 From:  Bostjan Hojkar <bostjan dot hojkar at fov dot uni dash mb dot si>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Bridge again :)
 Date:  Tue, 18 Nov 2003 09:24:12 +0100
Hi!

Had some more time to fiddle with bridging - and something new came up:

My current config: 2 x 3com905 (xl0 and xl1), configured into a bridge
(xl0=WAN, xl1=OPT1, bridged with WAN).

I have a 3rd network card, a 3com509 (ep0), configured as LAN.

WAN gets its IP from DHCP, and since there is no DHCP it gets 0.0.0.0 (I don't
really want an IP since I have public IPs and can use them somewhere else,
and segmenting my network is not an option).

LAN's IP is static, public IP inside my network.

OPT1 (bridged, ipless) and LAN are on the same switch.
I keep getting messages "/kernel: arp: xx:xx:xx:xx:xx is using my IP address
y.y.y.y!"

Access to the web interface from some computer on LAN sometimes times out and is
slow. If I disconnect OPT1 from the switch, everything is all right.

So the question I guess would be: what am I doing wrong? Trying to do a bridge
firewall here :)
I think I'm not the only one with this kind of configuration (Bruce?) - any1
else seeing the same problems?

I searched the net for this problem and actually came up with some hints:

The core problem would seem to be the kernel and an interface with no IP or IP
0.0.0.0. (So I guess OPT1 is giving me problems)

http://docs.freebsd.org/mail/archive/2001/freebsd-net/20011021.freebsd-net.html
-------
> Something is broken in the ARP implementation of -CURRENT.

please try this patch (provided by jlemon)

Index: if_ether.c
===================================================================
RCS file: /ncvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.85
diff -u -r1.85 if_ether.c
--- if_ether.c 2001/10/17 18:07:05 1.85
+++ if_ether.c 2001/10/19 15:38:07
@@ -593,10 +593,12 @@
       isaddr.s_addr == ia->ia_addr.sin_addr.s_addr)
    goto match;
  /*
-  * No match, use the first address on the receive interface
+  * No match, use the first inet address on the receive interface
   * as a dummy address for the rest of the function.
   */
- ifa = TAILQ_FIRST(&ifp->if_addrhead);
+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
+  if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET)
+   break;
  if (ifa == NULL) {
   m_freem(m);
   return;
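
Review bot: The ifa == NULL check that follows the new TAILQ_FOREACH loop is now the only handling for a receive interface that has no AF_INET address, and it works only because TAILQ_FOREACH leaves ifa NULL when the list is exhausted without a break. The comment above the loop should say that, and should state that in this case the packet is freed with m_freem(m) and the function returns, since the old TAILQ_FIRST line reached that path only when the address list was empty. The loop body is an unbraced if/break under an unbraced macro loop; bracing it would keep the following if (ifa == NULL) from being misread as part of the loop.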

/fjoe
---------

Any1 got to this point - thanks for reading. Maybe I included too much info
but I hope to get a helpful answer.

Regards, Hob