Firewall with 3 NIC (1 wireless) problem
Mark Moellering
mark at msen.com
Thu May 25 19:35:09 PDT 2006
Dennis,
Thanks so much for your help. Here is the ifconfig -v and netstat (a
variety) from both the client and firewall.
Both the client and the firewall have an ath0 (192.168.2.1 for firewall,
192.168.2.5 for the client) and a bge0 (192.168.1.1 for firewall, 192.168.1.2
for client). After booting the client, I disconnect the ethernet cable on
the bge0 interface to force traffic over the wireless ath0.
I am by no means a professional; I may have missed something or be doing
something fairly obviously wrong.
Thanks Again,
Mark Moellering
On Thursday 25 May 2006 12:17 am, Dennis Olvany wrote:
> > net.link.ether.bridge.enable=1
> > net.link.ether.bridge.config=bge0, ath0
>
> Let's have a look at ifconfig and netstat -r. What's with this bridge?
> Think you'd be better off without it.
-------------- next part --------------
Script started on Thu May 25 22:19:06 2006
AlphaOne# ifconfig -v
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
	inet6 fe80::209:5bff:fe20:aa23%bge0 prefixlen 64 scopeid 0x1
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
	ether 00:09:5b:20:aa:23
	media: Ethernet autoselect (none)
	status: no carrier
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::214:6cff:fe2c:a8c0%ath0 prefixlen 64 scopeid 0x2
	inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255
	ether 00:14:6c:2c:a8:c0
	media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/24Mbps)
	status: associated
	ssid psyberation channel 1 (2412) bssid 00:0f:b5:8a:77:44
	authmode WPA privacy ON deftxkey UNDEF
	TKIP 2:128-bit
	TKIP 3:128-bit powersavemode OFF powersavesleep 100 txpowmax 37
	txpower 63 rtsthreshold 2346 mcastrate 1 fragthreshold 2346 -pureg
	protmode CTS -wme burst roaming MANUAL bintval 100 -countermeasures
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
AlphaOne# exit
exit
Script done on Thu May 25 22:19:37 2006
-------------- next part --------------
Script started on Thu May 25 22:20:31 2006
AlphaOne# netstat
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
c3e912bc stream 0 0 0 c3db97a8 0 0 /tmp/ksocket-Mark/kontactHOPVSF.slave-socket
c3db97a8 stream 0 0 0 c3e912bc 0 0
c3db9dac stream 0 0 0 c3db9c08 0 0 /tmp/ksocket-Mark/kontactpn6RzM.slave-socket
c3db9c08 stream 0 0 0 c3db9dac 0 0
c3d2d7a8 stream 0 0 0 c3db9c94 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3db9c94 stream 0 0 0 c3d2d7a8 0 0
c3d2d834 stream 0 0 0 c3db9e38 0 0 /tmp/.ICE-unix/646
c3db9e38 stream 0 0 0 c3d2d834 0 0
c3db9af0 stream 0 0 0 c3db9834 0 0 /tmp/.X11-unix/X0
c3db9834 stream 0 0 0 c3db9af0 0 0
c3db9604 stream 0 0 0 c3db9690 0 0 /tmp/ksocket-Mark/klaunchersC8lmq.slave-socket
c3db9690 stream 0 0 0 c3db9604 0 0
c3db98c0 stream 0 0 0 c3db994c 0 0 /tmp/fam-Mark/fam-
c3db994c stream 0 0 0 c3db98c0 0 0
c3e91348 stream 0 0 0 c3e913d4 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3e913d4 stream 0 0 0 c3e91348 0 0
c3e91460 stream 0 0 0 c3e914ec 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3e914ec stream 0 0 0 c3e91460 0 0
c3e91578 stream 0 0 0 c3e91604 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3e91604 stream 0 0 0 c3e91578 0 0
c3e91690 stream 0 0 0 c3e9171c 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3e9171c stream 0 0 0 c3e91690 0 0
c3db9230 stream 0 0 0 c3db92bc 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3db92bc stream 0 0 0 c3db9230 0 0
c3d2dd20 stream 0 0 0 c3d2dc08 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3d2dc08 stream 0 0 0 c3d2dd20 0 0
c3d2ddac stream 0 0 0 c3d2d71c 0 0 /tmp/.ICE-unix/646
c3d2d71c stream 0 0 0 c3d2ddac 0 0
c368dc94 stream 0 0 0 c368dc08 0 0 /tmp/.X11-unix/X0
c368dc08 stream 0 0 0 c368dc94 0 0
c368c4ec stream 0 0 0 c368c460 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368c460 stream 0 0 0 c368c4ec 0 0
c3d2d348 stream 0 0 0 c3d2d3d4 0 0 /tmp/ksocket-Mark/AlphaOne.psyberation.com-0281-44766290
c3d2d3d4 stream 0 0 0 c3d2d348 0 0
c3d2d460 stream 0 0 0 c3d2d4ec 0 0 /tmp/.ICE-unix/646
c3d2d4ec stream 0 0 0 c3d2d460 0 0
c3d2d578 stream 0 0 0 c3d2d604 0 0 /tmp/.X11-unix/X0
c3d2d604 stream 0 0 0 c3d2d578 0 0
c3d2d8c0 stream 0 0 0 c3d2d94c 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3d2d94c stream 0 0 0 c3d2d8c0 0 0
c3db9000 stream 0 0 0 c3db908c 0 0 /tmp/.ICE-unix/646
c3db908c stream 0 0 0 c3db9000 0 0
c3db9118 stream 0 0 0 c3db91a4 0 0 /tmp/.X11-unix/X0
c3db91a4 stream 0 0 0 c3db9118 0 0
c3db9348 stream 0 0 0 c3db93d4 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3db93d4 stream 0 0 0 c3db9348 0 0
c3db9460 stream 0 0 0 c3db94ec 0 0 /tmp/.ICE-unix/646
c3db94ec stream 0 0 0 c3db9460 0 0
c368d9d8 stream 0 0 0 c3d2d2bc 0 0 /tmp/.X11-unix/X0
c3d2d2bc stream 0 0 0 c368d9d8 0 0
c3a19000 stream 0 0 0 c368daf0 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368daf0 stream 0 0 0 c3a19000 0 0
c3a19c08 stream 0 0 0 c3a19b7c 0 0 /tmp/fam-Mark/fam-
c3a19b7c stream 0 0 0 c3a19c08 0 0
c3a19d20 stream 0 0 0 c3a19c94 0 0 /tmp/.ICE-unix/646
c3a19c94 stream 0 0 0 c3a19d20 0 0
c3a19230 stream 0 0 0 c3a191a4 0 0 /tmp/.X11-unix/X0
c3a191a4 stream 0 0 0 c3a19230 0 0
c3a197a8 stream 0 0 0 c3a1971c 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3a1971c stream 0 0 0 c3a197a8 0 0
c3a192bc stream 0 0 0 c3a19348 0 0 /tmp/.ICE-unix/646
c3a19348 stream 0 0 0 c3a192bc 0 0
c3a194ec stream 0 0 0 c3a19578 0 0 /tmp/fam-Mark/fam-
c3a19578 stream 0 0 0 c3a194ec 0 0
c3a19604 stream 0 0 0 c3a19690 0 0 /tmp/.X11-unix/X0
c3a19690 stream 0 0 0 c3a19604 0 0
c3a19834 stream 0 0 0 c3a198c0 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3a198c0 stream 0 0 0 c3a19834 0 0
c3a1994c stream 0 0 0 c3a199d8 0 0 /tmp/.ICE-unix/646
c3a199d8 stream 0 0 0 c3a1994c 0 0
c3a19a64 stream 0 0 0 c3a19af0 0 0 /tmp/.X11-unix/X0
c3a19af0 stream 0 0 0 c3a19a64 0 0
c3a19dac stream 0 0 0 c3a19e38 0 0 /tmp/.ICE-unix/dcop625-1148609162
c3a19e38 stream 0 0 0 c3a19dac 0 0
c3a19ec4 stream 0 0 0 c3d2d000 0 0 /tmp/fam-Mark/fam-
c3d2d000 stream 0 0 0 c3a19ec4 0 0
c3d2d08c stream 0 0 0 c3d2d118 0 0 /tmp/.ICE-unix/646
c3d2d118 stream 0 0 0 c3d2d08c 0 0
c3d2d1a4 stream 0 0 0 c3d2d230 0 0 /tmp/.X11-unix/X0
c3d2d230 stream 0 0 0 c3d2d1a4 0 0
c3a1908c stream 0 0 0 c368ddac 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368ddac stream 0 0 0 c3a1908c 0 0
c368dd20 stream 0 0 0 c368dec4 0 0 /tmp/.ICE-unix/646
c368dec4 stream 0 0 0 c368dd20 0 0
c368de38 stream 0 0 0 c368c8c0 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368c8c0 stream 0 0 0 c368de38 0 0
c368c94c stream 0 0 0 c368d7a8 0 0 /tmp/.ICE-unix/646
c368d7a8 stream 0 0 0 c368c94c 0 0
c368d834 stream 0 0 0 c368d690 0 0 /tmp/.X11-unix/X0
c368d690 stream 0 0 0 c368d834 0 0
c368d71c stream 0 0 c3caacc0 0 0 0 /tmp/.ICE-unix/646
c368d578 stream 0 0 c3cb5220 0 0 0 /tmp/ksocket-Mark/AlphaOne.psyberation.com-0281-44766290
c368d604 stream 0 0 0 c368d2bc 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368d2bc stream 0 0 0 c368d604 0 0
c368d230 stream 0 0 0 c368da64 0 0 /tmp/.X11-unix/X0
c368da64 stream 0 0 0 c368d230 0 0
c368db7c stream 0 0 0 c368d08c 0 0 /tmp/ksocket-Mark/kdeinit__0
c368d08c stream 0 0 0 c368db7c 0 0
c368d118 stream 0 0 0 c368d1a4 0 0 /tmp/.X11-unix/X0
c368d1a4 stream 0 0 0 c368d118 0 0
c368d348 stream 0 0 0 c368d3d4 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368d3d4 stream 0 0 0 c368d348 0 0
c368d460 stream 0 0 0 c368d4ec 0 0 /tmp/.X11-unix/X0
c368d4ec stream 0 0 0 c368d460 0 0
c368d8c0 stream 0 0 0 c368d94c 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368d94c stream 0 0 0 c368d8c0 0 0
c3a19118 stream 0 0 0 c368c71c 0 0 /tmp/fam-Mark/fam-
c368c71c stream 0 0 0 c3a19118 0 0
c368c690 stream 0 0 c3a09440 0 0 0 /tmp/fam-Mark/fam-
c368cec4 stream 0 0 0 c368ce38 0 0 /tmp/.X11-unix/X0
c368ce38 stream 0 0 0 c368cec4 0 0
c368c834 stream 0 0 0 c368c7a8 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368c7a8 stream 0 0 0 c368c834 0 0
c368c578 stream 0 0 0 c368c604 0 0 /tmp/.X11-unix/X0
c368c604 stream 0 0 0 c368c578 0 0
c368c230 stream 0 0 c39ef880 0 0 0 /tmp/ksocket-Mark/klaunchersC8lmq.slave-socket
c368c1a4 stream 0 0 0 c368c000 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368c000 stream 0 0 0 c368c1a4 0 0
c368c08c stream 0 0 0 c368c118 0 0
c368c118 stream 0 0 0 c368c08c 0 0
c368c2bc stream 0 0 c39e2220 0 0 0 /tmp/.ICE-unix/dcop625-1148609162
c368c348 stream 0 0 c39bfdd0 0 0 0 /tmp/ksocket-Mark/kdeinit-:0
c368c3d4 stream 0 0 c39c2000 0 0 0 /tmp/ksocket-Mark/kdeinit__0
c368c9d8 stream 0 0 0 c368ca64 0 0 /tmp/.X11-unix/X0
c368ca64 stream 32 0 0 c368c9d8 0 0
c368caf0 stream 0 0 c3921aa0 0 0 0 /tmp/.X11-unix/X0
c368d000 stream 0 0 c358c660 0 0 0 /var/run/devd.pipe
c368cb7c dgram 0 0 0 c368cd20 0 c368cc94
c368cc08 dgram 0 0 0 c368cdac 0 0
c368cc94 dgram 0 0 0 c368cd20 0 0
c368cd20 dgram 0 0 c36aa660 0 c368cb7c 0 /var/run/logpriv
c368cdac dgram 0 0 c36aa770 0 c368cc08 0 /var/run/log
AlphaOne#
AlphaOne# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0      290   bge0
localhost          localhost          UH          0        0    lo0
192.168.1          link#1             UC          0        0   bge0
192.168.1.1        00:40:f4:47:23:54  UHLW        2        3   bge0    226
192.168.2          link#2             UC          0        0   ath0
192.168.2.1        00:0f:b5:8a:77:44  UHLW        1        4   ath0    893

Internet6:
Destination        Gateway            Flags  Netif Expire
localhost.psyberat localhost.psyberat UH     lo0
fe80::%bge0        link#1             UC     bge0
fe80::209:5bff:fe2 00:09:5b:20:aa:23  UHL    lo0
fe80::%ath0        link#2             UC     ath0
fe80::214:6cff:fe2 00:14:6c:2c:a8:c0  UHL    lo0
fe80::%lo0         fe80::1%lo0        U      lo0
fe80::1%lo0        link#4             UHL    lo0
ff01:1::           link#1             UC     bge0
ff01:2::           link#2             UC     ath0
ff01:4::           localhost.psyberat UC     lo0
ff02::%bge0        link#1             UC     bge0
ff02::%ath0        link#2             UC     ath0
ff02::%lo0         localhost.psyberat UC     lo0
AlphaOne# exit
exit
Script done on Thu May 25 22:21:43 2006
-------------- next part --------------
Script started on Thu May 25 22:43:25 2006
> netstat
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
c1b594ec stream 0 0 c1b5b880 0 0 0 /var/run/devd.pipe
c1b59690 stream 0 0 0 c1b5971c 0 0
c1b5971c stream 0 0 0 c1b59690 0 0
c1b5908c dgram 0 0 0 c1b592bc 0 c1b59000
c1b59000 dgram 0 0 0 c1b592bc 0 c1b59230
c1b59118 dgram 0 0 c1ddeaa0 0 0 0 /var/run/hostapd/ath0
c1b591a4 dgram 0 0 0 c1b59348 0 0
c1b59230 dgram 0 0 0 c1b592bc 0 0
c1b592bc dgram 0 0 c1beedd0 0 c1b5908c 0 /var/run/logpriv
c1b59348 dgram 0 0 c1bfb000 0 c1b591a4 0 /var/run/log
> netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            c-68-61-202-129.hs UGS         0      342    rl0
68.61.202.128/25   link#2             UC          0        0    rl0
c-68-61-202-129.hs 00:05:5f:e9:8c:a9  UHLW        2        0    rl0   1199
localhost          localhost          UH          0        0    lo0
192.168.1          link#1             UC          0        0   bge0
192.168.1.2        00:09:5b:20:aa:23  UHLW        1      325   bge0    110
192.168.2          link#3             UC          0        0   ath0
192.168.2.5        00:14:6c:2c:a8:c0  UHLW        1        4   ath0    793

Internet6:
Destination        Gateway            Flags  Netif Expire
localhost.psyberat localhost.psyberat UH     lo0
fe80::%bge0        link#1             UC     bge0
fe80::240:f4ff:fe4 00:40:f4:47:23:54  UHL    lo0
fe80::%rl0         link#2             UC     rl0
fe80::2e0:7dff:fec 00:e0:7d:c1:74:44  UHL    lo0
fe80::%ath0        link#3             UC     ath0
fe80::20f:b5ff:fe8 00:0f:b5:8a:77:44  UHL    lo0
fe80::%lo0         fe80::1%lo0        U      lo0
fe80::1%lo0        link#6             UHL    lo0
ff01:1::           link#1             UC     bge0
ff01:2::           link#2             UC     rl0
ff01:3::           link#3             UC     ath0
ff01:6::           localhost.psyberat UC     lo0
ff02::%bge0        link#1             UC     bge0
ff02::%rl0         link#2             UC     rl0
ff02::%ath0        link#3             UC     ath0
ff02::%lo0         localhost.psyberat UC     lo0
> netstat -i
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
bge0   1500 <Link#1>      00:40:f4:47:23:54      286     0      328     0     0
bge0   1500 fe80:1::240:f fe80:1::240:f4ff:        0     -        0     -     -
bge0   1500 192.168.1     192.168.1.1             22     -        0     -     -
rl0    1500 <Link#2>      00:e0:7d:c1:74:44    11415     0      350     0     0
rl0    1500 fe80:2::2e0:7 fe80:2::2e0:7dff:        0     -        0     -     -
rl0    1500 68.61.202.128 c-68-61-202-251.h       13     -       84     -     -
ath0   2290 <Link#3>      00:0f:b5:8a:77:44       13     2       18     0     0
ath0   2290 fe80:3::20f:b fe80:3::20f:b5ff:        0     -        2     -     -
ath0   2290 192.168.2     192.168.2.1              4     -        4     -     -
plip0  1500 <Link#4>                               0     0        0     0     0
pflog 33208 <Link#5>                               0     0        0     0     0
lo0   16384 <Link#6>                               0     0        0     0     0
lo0   16384 localhost.psy ::1                      0     -        0     -     -
lo0   16384 fe80:6::1     fe80:6::1                0     -        0     -     -
lo0   16384 your-net      localhost                0     -        0     -     -
> exit
exit
Script done on Thu May 25 22:43:56 2006
-------------- next part --------------
Script started on Thu May 25 22:42:40 2006
> ifconfig -v
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
	inet6 fe80::240:f4ff:fe47:2354%bge0 prefixlen 64 scopeid 0x1
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	ether 00:40:f4:47:23:54
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet6 fe80::2e0:7dff:fec1:7444%rl0 prefixlen 64 scopeid 0x2
	inet 68.61.202.251 netmask 0xffffff80 broadcast 255.255.255.255
	ether 00:e0:7d:c1:74:44
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290
	inet6 fe80::20f:b5ff:fe8a:7744%ath0 prefixlen 64 scopeid 0x3
	inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
	ether 00:0f:b5:8a:77:44
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
	status: associated
	ssid psyberation channel 1 (2412) bssid 00:0f:b5:8a:77:44
	authmode WPA privacy MIXED deftxkey 3
	TKIP 2:128-bit
	TKIP 3:128-bit powersavemode OFF powersavesleep 100 txpowmax 37
	txpower 63 rtsthreshold 2346 mcastrate 1 fragthreshold 2346 -pureg
	protmode CTS -wme burst ssid SHOW apbridge dtimperiod 1 bintval 100
	-countermeasures
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
	inet 127.0.0.1 netmask 0xff000000
> exit
exit
Script done on Thu May 25 22:42:53 2006
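
A cross-check a reader can run on output like the client's above: it lists every default route whose outgoing interface reports `status: no carrier`. This is an added example, not part of the original message; the function names are hypothetical, the samples are abridged from the AlphaOne output, and the `netstat -r` column layout (Netif in the sixth column) is assumed to match the one shown here.

```shell
#!/bin/sh
# Added example: flag default routes that leave via an interface with no link.
# Sample data is abridged from the client (AlphaOne) output in this message.

IFCONFIG_SAMPLE='bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
	status: no carrier
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255
	status: associated'

ROUTES_SAMPLE='Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0      290   bge0
192.168.1          link#1             UC          0        0   bge0
192.168.2          link#2             UC          0        0   ath0'

# links_down TEXT: print each interface whose block says "status: no carrier".
links_down() {
    printf '%s\n' "$1" | awk '
        /^[a-z0-9]+: flags=/ { sub(/:$/, "", $1); ifname = $1 }
        /status: no carrier/ { print ifname }'
}

# default_route_ifs TEXT: print "gateway netif" for each default route.
# Assumes the seven-column layout above (Netif is field 6).
default_route_ifs() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2, $6 }'
}

# dead_default_routes IFCONFIG_TEXT ROUTES_TEXT:
# report default routes bound to an interface that has no carrier.
dead_default_routes() {
    down=$(links_down "$1")
    default_route_ifs "$2" | while read -r gw netif; do
        for d in $down; do
            if [ "$d" = "$netif" ]; then
                echo "default via $gw on $netif: no carrier"
            fi
        done
    done
}

dead_default_routes "$IFCONFIG_SAMPLE" "$ROUTES_SAMPLE"
```

On a live host, pass the real output instead of the samples: `dead_default_routes "$(ifconfig)" "$(netstat -r -f inet)"`.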