I apologize for hitting the send button too quickly. Once it was all noted down, it clicked in my mind that Virtual PC mustn't be respecting the PROMISCUOUS mode of the virtual network card. Once I had a question in mind, a Google search answered that yes, that is a limitation of Virtual PC. So, *sigh* there goes a day of installation and preparation.

So the only remaining solution I can imagine is... does anybody have an idea how I could have the virtual firewall test server register itself for the IP address of the second test server and still function as a gateway properly (it does have the two NICs bridged)? Maybe using ipfw to forward the traffic by MAC address?

I'm going to sleep on it; anybody with advice would receive my full gratitude!

Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Seguin
Sent: Sunday, January 23, 2005 11:26 PM
To: freebsd-net@freebsd.org
Subject: Weird situation

Here I am again, experimenting with FreeBSD on the network. My last questions here helped me get a firewall to help our network. Now, I have a test setup in a virtual environment… but I have a problem (why else would I be writing here then?). At the moment I have no clue what to even look up on Google or the archives (so all I’ve been able to do at the moment is experiment).

The problem: traffic is flowing through one way, not back, through a test environment.

The setup:

Main connection: Router -> [vlan0][fxp1] firewall (production) [fxp0][vlan1] -> managed switch, cuts off the vlan tag.
From the switch -> secondary switch -> {FreeBSD test firewall -> FreeBSD test server}

The two servers between '{' and '}' are running inside Virtual PC on a Windows 2000 server (the best I could make up for a "lab"). They were built by having the test firewall de0 linked with the physical NIC, and de1 to a "Microsoft loopback adapter", de0 of the test server as well.

Problem: Pings from the test server at the end of the chain to the router don't come back all the way.

Tests to date: I've been using tcpdump -i {interface} "host {test_ip}" at each stage.

At the main firewall, tcpdump shows both request and reply, no problem.
On the win2k server, ethereal shows both request and reply, no problem.
On the test firewall, I see only the outgoing ICMP ping request.
At all points, the TTL seems fine (still 255 when captured by the win2k server).

So I wondered, is Virtual PC not sending the packet along? But the FreeBSD firewall server can ping the router no problem.

What about the communication between the two FreeBSD servers? Ping works with no problem at all.

The test firewall is as open as I can make it; it is built with the same kernel configuration as the production firewall, and it is enabled in rc.conf with type OPEN.

I'm not sure I know what to do about this problem at the moment, and therefore ask if anybody knows what I could do about this?

Writing allll this down, I had a crazy idea that depresses me... what if Virtual PC is not respecting the PROMISC mode of the virtual network card and then the test server is not seeing traffic not specifically meant for it... :(

Can anybody confirm or give any suggestions?

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.2 - Release Date: 1/21/2005

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
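
The hop-by-hop tcpdump comparison described in the message above, as an added example that is not part of the original post: it parses ICMP echo lines from each capture point and reports between which two points the reply disappears. The tcpdump line format, the 192.0.2.x addresses, the capture-point names and the capture text are constructed assumptions.

```python
import re

# Assumed tcpdump text format for ICMP echo traffic (modern tcpdump output).
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def echo_events(capture_text):
    """Return the set of (kind, src, dst, id, seq) tuples seen in one capture."""
    events = set()
    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            events.add((m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])))
    return events

def locate_reply_loss(captures, client_ip):
    """captures: ordered list of (name, text), from the far end toward the client.
    Returns (last point that saw the reply, first point that did not) for the
    first echo request whose reply goes missing, or None if no reply is lost
    between capture points."""
    parsed = [(name, echo_events(text)) for name, text in captures]
    requests = sorted({e for _, events in parsed for e in events
                       if e[0] == "request" and e[1] == client_ip})
    for _, src, dst, ident, seq in requests:
        reply = ("reply", dst, src, ident, seq)
        last_seen = None
        for name, events in parsed:
            if reply in events:
                last_seen = name
            elif last_seen is not None:
                return last_seen, name
    return None

# Constructed sample captures mirroring the three observation points in the post.
REQ = "23:26:01.000100 IP 192.0.2.50 > 192.0.2.1: ICMP echo request, id 4660, seq 1, length 64"
REP = "23:26:01.000900 IP 192.0.2.1 > 192.0.2.50: ICMP echo reply, id 4660, seq 1, length 64"
CAPTURES = [
    ("production firewall", REQ + "\n" + REP),
    ("win2k host NIC", REQ + "\n" + REP),
    ("test firewall de0", REQ),  # reply never arrives inside the virtual machine
]

if __name__ == "__main__":
    print(locate_reply_loss(CAPTURES, "192.0.2.50"))
```

A result naming the host NIC and the guest interface places the drop inside the virtualization layer rather than in any firewall ruleset, which is the conclusion the poster reaches.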