Re: ipfw broken with bridge under 5.x (5.3 and 5.4)

From: Gavin Atkinson (gavin.atkinson_at_ury.york.ac.uk)
Date: 05/04/05

  • Next message: Josef Karthauser: "Re: ipfw broken with bridge under 5.x (5.3 and 5.4)" 
    To: Josef Karthauser <joe@freebsd.org>
Date: Wed, 04 May 2005 18:13:22 +0100

    On Wed, 2005-05-04 at 15:24 +0100, Josef Karthauser wrote:
    > It appear that ipfw doesn't work with bridge in 5.3 and 5.4. The
    > symptoms are that the bridge stops forwarding packets altogether,
    > for me a few minutes after it is set up. It takes a
    >
    > # net.link.ether.bridge_ipfw=0 && sleep 5 && net.link.ether.bridge_ipfw=1
    >
    > to get it back up and running, which it does, but only for a few
    > minutes before it stops working again. The five second sleep is
    > sometimes too long, and sometimes not enough time.

    I believe I am seeing similar problems to you, though uptime for me is
    generally measurable in days rather than minutes. I've found that
    adding an explicit "allow all from any to any" and then removing it
    again seems to get it working. I will test your solution when mine
    fails again.

    The comment about arp is an interesting one, I will see what I can find
    out. I have however seen situations where (eg) UDP DNS through the
    bridge works but web traffic or terminal services etc may not.

    If you want to share firewall rules and other configuration with me
    off-list to see if there are any similarities I'd be happy to help.

    Gavin
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: Josef Karthauser: "Re: ipfw broken with bridge under 5.x (5.3 and 5.4)"

    Relevant Pages