Re: bridge with access on both interfaces
From: Robert Watson (rwatson_at_freebsd.org)
Date: 12/25/03
- Previous message: Robert Watson: "Re: arla"
- In reply to: Ian Smith: "bridge with access on both interfaces"
- Next in thread: Michael Sierchio: "Re: bridge with access on both interfaces"
- Reply: Michael Sierchio: "Re: bridge with access on both interfaces"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 24 Dec 2003 18:44:22 -0500 (EST) To: Ian Smith <smithi@nimnet.asn.au>
On Wed, 24 Dec 2003, Ian Smith wrote:
<snip>
> What I can't get to is setting up both NICs for the same /24, using
> either one or two separate addresses. I'd hoped to get away with one
> IP, which some of the docs (and bridge.c, skimmed) led me to believe
> that any local IPs of this host, on whatever of the bridged interfaces,
> should provide unbridged local stack access - however if we need to have
> 'inside' and 'outside' IPs separately on each bridge interface, fine.
>
> In short, ifconfig appears unwilling to have two NICs covering the same
> /24. Can this be set up? I'm also at a bit of a loss with the routing,
> so inside packets to the bridge box (ie unbridged packets) are responded
> to on the same interface, and outside unbridged packets go only to/from
> the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
> response problem also, perhaps; no responses on the inside iface at all.
>
> I'm unsure if that's too little initial detail or too much?
<snip>
If you want to use IP while bridging, you'll typically want to configure
IP on one of the interfaces making up the bridge, and then simply
"ifconfig up" the remaining interfaces without explicitly configuring IP
on them. If you get ARP warnings, you can silence them using a sysctl (I
can't remember if I got them last time I did this, however).
At one point I rewrote bits of our bridge code to create virtual bridge
interfaces, the idea being that you'd configure IP on the virtual
interface rather than on one of the member interfaces. However, I never
got around to merging those changes -- my real goal was to allow sniffing
of packets to/from the host on any component interface, and BPF only
picked up packets from/to a specific interface (or leaked bridge packets
for unknown target addresses). I'm sure at some point, someone will get
to reimplementing our bridge code to take this approach, however.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Senior Research Scientist, McAfee Research
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Robert Watson: "Re: arla"
- In reply to: Ian Smith: "bridge with access on both interfaces"
- Next in thread: Michael Sierchio: "Re: bridge with access on both interfaces"
- Reply: Michael Sierchio: "Re: bridge with access on both interfaces"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
