|
||||||||
-----Original Message----- From: Bostjan Hojkar [mailto:bostjan dot hojkar at fov dot uni dash mb dot si] Sent: dinsdag 18 november 2003 9:24 To: m0n0wall at lists dot m0n0 dot ch Subject: [m0n0wall] Bridge again :) > OPT1(bridged, ipless) and LAN are on same switch. This will cause your switch to go berzerk (which will cause the slow interface)... What is your goal by putting 2 interfaces with the same IP-address on the same switch? How do you force the traffic to pass your firewall this way? Joachim ==================== Access to web interface from some computer on LAN sometimes timeouts and is slow. If i disconnect OPT1 from switch, everything is allright. So the question i guess would be: What am i doing wrong. Trying to do bridge firewall here :) I think i'm not the only one with this kind of configuration (Bruce?) - any1 else seeing same problems? I searched the net for this problem and actualy came up with some hints: The core problem would seem to be kernel and interface with no IP or IP 0.0.0.0. (So i guess OPT1 is giving me problems) http://docs.freebsd.org/mail/archive/2001/freebsd-net/20011021.freebsd-net.h tml ------- > Something is broken in the ARP implementation of -CURRENT. please try this patch (provided by jlemon) Index: if_ether.c =================================================================== RCS file: /ncvs/src/sys/netinet/if_ether.c,v retrieving revision 1.85 diff -u -r1.85 if_ether.c --- if_ether.c 2001/10/17 18:07:05 1.85 +++ if_ether.c 2001/10/19 15:38:07 @@ -593,10 +593,12 @@ isaddr.s_addr == ia->ia_addr.sin_addr.s_addr) goto match; /* - * No match, use the first address on the receive interface + * No match, use the first inet address on the receive interface * as a dummy address for the rest of the function. */ - ifa = TAILQ_FIRST(&ifp->if_addrhead); + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) + if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) + break; if (ifa == NULL) { m_freem(m); return; /fjoe --------- Any1 got to this point - thanks for reading. Maybe I included too much info but i hope to get a helpfull answer. Regards, Hob --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch ----------------------------------------------- MISSION STATEMENT ----------------------------------------------- Océ enables its customers to manage their documents efficiently and effectively by offering innovative print and document management products and services for professional environments. ----------------------------------------------- DISCLAIMER ----------------------------------------------- This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (0032-2-729.48.11) or by e-mail and delete the material from any computer. Oce-Belgium/Oce-Interservices is nor responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time. This e-mail message does not bring about a contractual obligation for Oce-Belgium/Oce-Interservices. Thank you for your cooperation. For further information about Oce-Belgium/Oce-Interservices please see our website at www.oce.be ----------------------------------------------- |