Filtering Bridge blocking traffic for clients with multiple IP/subnets

From:	"Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Filtering Bridge blocking traffic for clients with multiple IP/subnets
Date:	Wed, 14 Dec 2005 12:12:12 +0100

I want to setup a transparent filtering bridge. This device only should provide 
trafficshaping and nothing else. I have set up this in the past with success and
I'm running multiple locations with that kind of setup. However I now have to
install filtering bridges at a location where Clients have multiple IP adresses 
(at the same physical NIC) from different subnets:

Example:

ClientA--------bridged m0n0--------ClientB


ClientA IPs:
192.168.1.1/24
10.1.1.1/24

ClientB IPs:
192.168.1.2/24
10.1.1.2/24

I tried bridging WAN to OPT1 and later LAN to OPT1. Rules at all interfaces are 
any protocol, any source, any destination, allow fragmented packets. Filtering bridge 
is enabled at advanced settings.

If the m0n0s IP at the interface the other one is bridged to is in the range of 192.168.1.x/24 
all 10.1.1.x/24 traffic is blocked. If the IP of the m0n0 is something like 10.1.1.x/24 all
192.168.1.x/24 traffic is blocked (entries in the firewall logs). It appears that all non 
m0n0-range IPs are always blocked.

Replacing the m0n0-bridge with a cable makes the connection happy again. Any thoughts?

Thanks for any suggestions,
Holger

____________
Virus checked by G DATA AntiVirusKit