Bridge Not Forwarding ARP
Eugene Grosbein
eugen at grosbein.net
Mon Jul 8 18:22:25 UTC 2019
09.07.2019 0:43, Michael Sierchio wrote:
> On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein <eugen at grosbein.net> wrote:
>
> 09.07.2019 0:19, Dan Lists wrote:
>>
>>> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio <kudzu at tenebras.com>
>> wrote:
>>>
>>>> What's your firewall ruleset look like? (show, don't tell)
>>> The firewall is off for testing (the machine is only on a private
>> network).
>>> # ipfw list
>>> 65535 allow ip from any to any
>>>> What does sysctl report on the interfaces and on arp?
>>> I have not changed any settings.
>>
>> Show output of ifconfig for the bridge and for its members, too.
>> I suppose there is some misconfiguration, like an IP address assigned to
>> member interfaces, which is wrong.
>> All IP addresses need to be moved to the bridge interface itself.
>>
>>
> Does 'ip' in ipfw match arp packets?
We have net.link.bridge.ipfw_arp that defaults to 0 (false):
$ sysctl -d net.link.bridge.ipfw_arp
net.link.bridge.ipfw_arp: Filter ARP packets through IPFW layer2
If one changes it to 1 so that ipfw gets bridged ARP frames,
then the answer to your question should depend on the value of net.link.ether.ipfw (0 by default),
as ARP packets have no IP header. So if you change that many sysctls, you will be able
to filter ARP frames with the "ip" keyword, as "ip" is equal to "all" in ipfw.