Re: ARP Question - Maybe?
From: Nathan Kinkade (nkinkade_at_fastmail.fm)
Date: 09/27/03
- Previous message: Glenn Johnson: "Re: Problem with cups"
- In reply to: Drew Tomlinson: "ARP Question - Maybe?"
- Next in thread: Drew Tomlinson: "Re: ARP Question - Maybe?"
- Reply: Drew Tomlinson: "Re: ARP Question - Maybe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 27 Sep 2003 16:55:35 +0000 To: Drew Tomlinson <drew@mykitchentable.net>
On Sat, Sep 27, 2003 at 03:31:16PM -0700, Drew Tomlinson wrote:
> I'm trying to get a Linksys WET11 Wireless Ethernet Bridge working with a
> D-Link 530 NIC that uses the rl driver. I have configured the bridge and
> gotten it to work with a Windows XP box if I tell the bridge to use "MAC
> address cloning". However I can not get it working on my 4.8 FBSD box.
>
> I'm not really sure but I suspect my problem might be with ARP? The rl0
> interface is configured as 192.168.100.2 and the bridge is connected to this
> interface. The bridge is configured with an IP address of 192.168.100.225
> but as I understand it, this is only the address to use when connecting to
> the web based configuration utility. I have a Linksys access point with IP
> of 192.168.100.1.
>
> Anyway, after attempting connections to these three addresses, my arp table
> looks like this:
>
> ? (192.168.100.1) at (incomplete) on rl0 [ethernet]
> ? (192.168.100.2) at 00:05:5d:d0:ba:67 on rl0 permanent [ethernet]
> ? (192.168.100.225) at (incomplete) on rl0 [ethernet]
>
> I can not get any response from any device beyond the rl0 interface. I
> setup ipfw to log all traffic to that interface and can see the traffic
> going out:
>
> Sep 27 15:18:04 blacksheep /kernel: ipfw: 50 Accept ICMP:8.0 192.168.100.2
> 192.168.100.1 out via rl0
>
> Sep 27 15:24:00 blacksheep /kernel: ipfw: 50 Accept ICMP:8.0 192.168.100.2
> 192.168.100.225 out via rl0
>
> Can anyone educate me on arp and if it's my problem, tell me what I might
> need to add to my arp table to get things going?
>
> Thanks,
>
> Drew
I had this problem recently. Turns out that ipfw when used in
conjunction with bridging (net.link.ether.bridge_ipfw=1) that your
default rule must be to allow all. You can mitigate this by making your
last rule something like:
deny { tcp or udp } from any to any
This should basically block pretty much any traffic that you are
probably worried about. To test that this is the problem, disable the
firewall temporarily, maybe with something like:
# sysctl net.link.ether.bridge_ipfw=0
then try your network. if it works, the re-enable ipfw by setting the
above parameter back to 1. then take a look at your arp cache expiry
with `arp -an' and make note as to wether the net breaks again as soon
as the arp entry expires.
you can set ipfw to use a default rule of accepting by adding this
option to you kernel config:
options IPFIREWALL_DEFAULT_TO_ACCEPT
Nathan
-- gpg --keyserver pgp.mit.edu --recv-keys D8527E49
- application/pgp-signature attachment: stored
- Previous message: Glenn Johnson: "Re: Problem with cups"
- In reply to: Drew Tomlinson: "ARP Question - Maybe?"
- Next in thread: Drew Tomlinson: "Re: ARP Question - Maybe?"
- Reply: Drew Tomlinson: "Re: ARP Question - Maybe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
