Bridge Not Forwarding ARP
Michael Sierchio
kudzu at tenebras.com
Mon Jul 8 19:42:42 UTC 2019
On Mon, Jul 8, 2019 at 11:22 AM Eugene Grosbein <eugen at grosbein.net> wrote:
> 09.07.2019 0:43, Michael Sierchio wrote:
>
> > On Mon, Jul 8, 2019 at 10:33 AM Eugene Grosbein <eugen at grosbein.net> wrote:
> >
> > 09.07.2019 0:19, Dan Lists wrote:
> >>
> >>> On Mon, Jul 8, 2019 at 11:55 AM Michael Sierchio <kudzu at tenebras.com> wrote:
> >>>
> >>>> What's your firewall ruleset look like? (show, don't tell)
> >>> The firewall is off for testing (the machine is only on a private network).
> >>> # ipfw list
> >>> 65535 allow ip from any to any
> >>>> What does sysctl report on the interfaces and on arp?
> >>> I have not changed any settings.
> >>
> >> Show output of ifconfig for the bridge and for its members, too.
> >> I suppose some misconfiguration like IP address assigned to member
> >> interfaces that is wrong.
> >> All IP addresses need to be moved to the bridge interface itself.
> >>
> >>
> > Does 'ip' in ipfw match arp packets?
>
> We have net.link.bridge.ipfw_arp that defaults to 0 (false):
>
> $ sysctl -d net.link.bridge.ipfw_arp
> net.link.bridge.ipfw_arp: Filter ARP packets through IPFW layer2
>
> If one changes it to 1 so ipfw would get bridged ARP frames,
> then the answer to your question should depend on the value of
> net.link.ether.ipfw (0 by default), as ARP packets have no IP header.
> So if you change so many sysctls, you will be able to filter ARP frames
> with the "ip" keyword, as "ip" equals "all" in ipfw.
>
>
Right, thanks, and Dan's sysctl output has
net.link.bridge.ipfw_arp: 0
--
"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."
- The Mahābhārata