[ previous ] [ next ] [ threads ]
 From:  Kolia <nika at hotmail dot ge>
 To:  Matchstick <matchstick at oofg dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Transparent bridge
 Date:  Fri, 09 Jul 2004 16:02:29 +0400
I sniffed packets between my host and m0n0's LAN interface and I saw 
that m0n0 answered with correct MAC address (LAN) to the ARP request 
from my host so it's not likely that this is ARP problem.


Matchstick wrote:

>Friday, July 9, 2004, 8:22:02 AM, Kolia (nika at hotmail dot ge) wrote:
>K> Greetings,
>K> Recently I downloaded latest beta of the m0n0wall (1.1b15) and tried to
>K> acomplish following:
>K>                    bridging
>K>          +------------------------+
>K>          |                        |
>K> inet <-------> WAN [m0n0] OPT1 <------> customers
>K>                      LAN
>K>                       ^
>K>                       |
>K>                   management
>K> i.e. want bridging with filtering between WAN and OPT1 and management on
>K> LAN interface.
>K> I assigned an IP address to LAN interface and was able to get into
>K> WebGUI. Then I went to 'OPT1' page and setup bridging between WAN and
>K> OPT1. So far so good. Then I tried to enable OPT1 interface and as soon
>K> as did this m0n0 GUI stopped responding although traffic between WAN and
>K> OPT1 was Ok. I also wasn't able to ping LAN interface. Rebooting m0n0
>K> didn't help and I was forced to reset config. I played with firewall
>K> rules and allowed any to any on all interfaces but no success.
>K> Then I burned iso image with 1.0.img and got what I wanted. Any ideas of
>K> what I was doing wrong with 1.1b15?
>K> Thank you in advance,
>K> Kolia
>I'm running pretty much the same configuration as you and wondering if
>this is the same problem I had when I switched from a PC based
>m0n0wall to a WRAP board.
>Basically, as the OPT1 interface was running in promiscuous mode (so it
>could form the bridge) it was responding to all ARP requests for the
>LAN interface hardware address, before the LAN interface itself
>managed to reply which meant that traffic for the LAN interface get
>redirected through the bridge.
>To test if it is this, try setting a static entry for the LAN IP
>address in your client PCs ARP table and see if you can now connect to the
>m0n0wall admin pages.
>To actually fix the problem once I'd identified it (and that took me
>quite a while) I simply swapped the Network Ports for LAN and OPT1
>over in the Assign Network Ports page on M0n0 and I haven't had a
>problem since (though an alternative if this doesn't work is to set up
>your client PCs to load the static ARP entry into the table at boot).
>Hope this helps.