Bridge not Forwarding ARP
Dan Lists
lists.dan at gmail.com
Thu Apr 25 00:37:08 UTC 2019
I am trying to set up a bridged firewall in VMWare. I have a test setup
like this:
Internal --- vswitch --- (em2) Filter (em1) -- switch -- External
The Internal, Filter, and External servers are all running FreeBSD 11.2.
Filter has a bridge0 using members em1 (external side) and em2 (internal
side).
If I ping from Internal to External I see ARP Requests on em2, bridge0, and
em1 of Filter. I see ARP Replies on em1 but they do not show up on
bridge0. This is the same with or without a firewall running on Filter.
If I ping from External to Internal then I see both ARP Requests and
Replies on all interfaces and the ping works.
I searched and read documentation and everything I can find says that ARP
packets should be forwarded over the bridge. Why are the ARP Replies only
being forwarded in one direction?
I was looking at sysctl output and I found kern.features.security_mac but
google search didn't turn up and documentation. I tried to change it
(sysctl and loader.conf) but it seems hard coded to 1.
I'm not really sure what to try. Any help would be appreciated.
More information about the freebsd-questions
mailing list