 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: Re: M0n0wall v1.2b3 in Bridge Mode
 Date:  Wed, 09 Feb 2005 00:46:44 -0500
Brian Watters wrote:

> Ok .. So this would go a long way to explaining why placing rules on the
> WAN interface allowed traffic to flow to the LAN,

Not sure what you mean by that as I haven't followed the instructions
in my setup. I made mine from scratch...

> the directions clearly 
> show an IP on the WAN interface .. So you are saying that if I remove the
> IP altogether from the WAN interface I should be able to only have rules
> applied to the bridged interface ? .. (i.e. WAN/OPT1) and still be able to
> have an IP on a LAN interface?

Yes. And you should then be able to have ANY combination of subnets on either
end of your WAN/OPT1 bridge. The m0n0wall will no longer try to perform any
sort of routing internally on the bridge interface because the bridge doesn't
actually have an IP.

> .. If this is the case then the DOC's need 
> a major rewrite or a fix needs to be in place for 1.2.b4

We'll see what Chris, Manuel, and anyone else who wants to verify my claims
finds. I've been proven wrong before. Quite recently, actually. We need to
make sure this isn't a repeat performance first. :)

> -----Original Message-----
> From: news [mailto:news at sea dot gmane dot org] On Behalf Of Jesse Guardiani
> Sent: Tuesday, February 08, 2005 7:22 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Re: M0n0wall v1.2b3 in Bridge Mode
> Chris Buechler wrote:
>> On Tue, 8 Feb 2005 08:44:26 -0800, Brian Watters
>> <brwatters at abs dash internet dot com> wrote:
>>> Hello all,
>>> In following the directions 100% @
>>> http://m0n0.ch/wall/docbook/examples-filtered-bridge.html our bridge
>>> will FLAT out not work, I wonder if there are any known issues with
>>> Bridging in v1.2b3? .. The above doc is very straightforward and should
>>> work but ..
>>> Could the online doc be missing any steps? .. Feedback please ...
>> I'm not sure why everybody keeps claiming bridging is broken in b3.  I
>> have one in production which is what that write up is based on, and
>> just set up another from scratch on a test network, following that
>> step by step, to see if I could replicate any problems.  I couldn't,
>> it worked right off.
> I am the original complainer, and I now have a bridged 1.2b3 in production
> right now too. Mine didn't work "right off" though. I ran into plenty of
> problems. However, at the moment, I have three bridge related problems
> that persist:
> 1.) There isn't a good way to NOT assign an IP to the WAN interface. This
>     is a problem if you've already assigned a static IP to the WAN. How
>     do you remove the IP? I had to manually edit my config.xml and then
>     restore it.
>     Why would you want an IP-less bridge? I couldn't get my bridge to be
>     completely transparent with an IP on the WAN interface. The bridge
>     wouldn't pass traffic outside the WAN's subnet. This was a problem
>     for me because I have multiple subnets attached to the bridge. The
>     workaround is fairly simple, but I think this deserves some sort of
>     GUI solution.
> 2.) Anti spoofing rules are preventing me from managing my bridged
>     m0n0wall from outside the LAN interface's subnet. See this thread
>     for more info:
>     http://tinyurl.com/6bh65
>     This problem exists currently on my production 4801.
> 3.) WAN interface sometimes steals packets from LAN interface when LAN
>     is used for management and OPT1 is bridged with WAN. See this post
>     for details:
>     http://tinyurl.com/5qkm4
> I think some combination of these problems may have resulted in my initial
> general misconceptions about bridging in 1.2b3. Only after testing
> numerous configurations could I begin to identify discrete problems.
> --
> Jesse Guardiani, Systems Administrator
> WingNET Internet Services,
> P.O. Box 2605 // Cleveland, TN 37320-2605
> 423-559-LINK (v)  423-559-5145 (f)
> http://www.wingnet.net

Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)