On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
> 
> I believe I am seeing similar problems to you, though uptime for me is
> generally measurable in days rather than minutes.  I've found that
> adding an explicit "allow all from any to any" and then removing it
> again seems to get it working.  I will test your solution when mine
> fails again.
> 
> The comment about arp is an interesting one, I will see what I can find
> out.  I have however seen situations where (eg) UDP DNS through the
> bridge works but web traffic or terminal services etc may not.
> 
> If you want to share firewall rules and other configuration with me
> off-list to see if there are any similarities I'd be happy to help.
> 

It appears that the solution is obtained by adding the rule:

    allow ip from any to any layer2 mac-type arp

to the beginning of the firewall list.  IPFW2 drops non-IP traffic
whereas IPFW1 passes it through.  This is the reason why my configuration
stopped working after the upgrade.

Joe
-- 
Josef Karthauser ([EMAIL PROTECTED])           http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)     http://www.uk.FreeBSD.org/
Physics Particle Theory (student)   http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
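
An added example, not part of the original message: a small order check for `ipfw list`-style output that reports whether the ARP rule quoted above is reached before any deny-type rule. The function names, rule numbers and sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): order check for
# `ipfw list`-style output read on stdin.
# Returns 0 when an "allow ... layer2 mac-type arp" rule is reached before
# any deny/reject/reset/unreach rule, 1 otherwise. Conservative heuristic:
# every deny-type rule is treated as able to drop ARP frames.
arp_allowed_first() {
    awk '
        $1 !~ /^[0-9]+$/ { next }    # rule lines start with a rule number
        $2 == "allow" && / layer2( |$)/ && / mac-type arp( |$)/ { ok = 1; exit }
        $2 ~ /^(deny|reject|reset|unreach)$/ { exit }   # deny seen first
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample rulesets; numbers and non-ARP rules are illustrative.
ruleset_without_arp() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow icmp from any to any
65535 deny ip from any to any
EOF
}

ruleset_with_arp() {
    cat <<'EOF'
00050 allow ip from any to any layer2 mac-type arp
00100 allow ip from any to any via lo0
00200 allow icmp from any to any
65535 deny ip from any to any
EOF
}

for rs in ruleset_without_arp ruleset_with_arp; do
    if "$rs" | arp_allowed_first; then
        echo "$rs: ARP allowed before first deny"
    else
        echo "$rs: no ARP allow rule before first deny"
    fi
done
```

On a live bridge the same function can be fed with `ipfw list | arp_allowed_first`.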
