 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Bostjan Hojkar <bostjan dot hojkar at fov dot uni dash mb dot si>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Bridge again :)
 Date:  Tue, 18 Nov 2003 11:05:05 +0100
On 18.11.2003, at 09:24, Bostjan Hojkar wrote:

> OPT1(bridged, ipless) and LAN are on same switch.

Ouch! Kinda defeats the purpose of having a separate optional 
interface, doesn't it? If one of your servers is compromised -> voilà, 
instant full access to your LAN.

> Access to web interface from some computer on LAN sometimes times out
> and is slow. If I disconnect OPT1 from switch, everything is all right.

So just do it the right way and use a separate switch, so having a 
separate optional interface will actually make sense. ;)

> please try this patch (provided by jlemon)

FreeBSD 4.9 already has this patch. FreeBSD's ARP gets majorly confused 
if it finds two interfaces connecting to the same broadcast domain (I 
can't blame it, either - a setup like that just doesn't usually make 
good sense).

- Manuel