Bruce A. Mah on 12/02/2005 2:24 PM wrote:
If memory serves me right, David Pierron wrote:
Bruce A. Mah on 12/02/2005 12:56 PM wrote:
If memory serves me right, David Pierron wrote:
fxp0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
ether xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (none)
status: no carrier
fxp1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
ether xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (none)
status: no carrier
It looks to me like you didn't turn up either the fxp0 or fxp1
interfaces. It's correct to leave these interfaces unnumbered (i.e. no
IP addresses) but they do need to be up. Try adding these lines to
/etc/rc.conf:
ifconfig_fxp0="up"
ifconfig_fxp1="up"
They weren't connected at the time the ifconfig was run. That's the
reason for the no carrier ... I'm sure it's something in the
configuration ...
No, that's not what I meant. Notice that the fxp0 and fxp1 interfaces
don't have the "UP" flags (whether or not they're physically plugged in
is irrelevant). I'm pretty sure you need to "ifconfig up" both
interfaces before the bridge can use them and as far as I can tell you
didn't do this. I don't claim to be an expert in this area, but I *do*
have a filtering bridge working using if_bridge and PF....
Ah! I applied those settings to rc.conf and got the following results:
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp0 prefixlen 64 scopeid 0x1
ether xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (none)
status: no carrier
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp1 prefixlen 64 scopeid 0x2
ether xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (none)
status: no carrier
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 xxxx::xxx:xxxx:xxxx:xxxx%fxp2 prefixlen 64 scopeid 0x3
inet my.c.class.xxx netmask 0xffffff00 broadcast 64.243.181.255
ether xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
pfsync0: flags=0<> mtu 2020
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
ether xx:xx:xx:xx:xx:xx
priority 32768 hellotime 2 fwddelay 15 maxage 20
member: fxp1 flags=3<LEARNING,DISCOVER>
member: fxp0 flags=3<LEARNING,DISCOVER>
I can't wait until the wee hours to test this! They do seem to have
IPv6 addresses ... Can I shut that off? Comment out IPv6 in the
kernel? I don't need IPv6 ...
I see my:
pass in on $mgt_if proto tcp from any to $mgt_if port 80 keep state
expands out to two rules, one for inet and another for inet6 ...
or change the command to:
pass in on $mgt_if inet proto tcp from any to $mgt_if port 80 keep state
I shouldn't have to worry about IPv6 ...
Anyway, I'll report on the ifconfig_inf(x)="up" and see if that is the ticket
...
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
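The point made in the thread (if_bridge members must carry the UP flag, whether or not they have carrier) can be checked mechanically. The following is an added example, not part of the original messages: the function name `bridge_members_not_up` and the two sample inputs are constructed here, modelled on the ifconfig output quoted above.

```sh
#!/bin/sh
# Added example (not from the thread): report if_bridge members that lack
# the UP flag. Reads ifconfig output on stdin, prints one name per line.
bridge_members_not_up() {
    awk '
    { sub(/^[ \t]+/, "") }                  # detail lines are indented
    /^[A-Za-z0-9_.]+: flags=/ {             # interface header line
        name = $1; sub(/:$/, "", name)
        flags = $2                          # e.g. flags=8902<BROADCAST,...>
        sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        up[name] = (("," flags ",") ~ /,UP,/)
        next
    }
    $1 == "member:" { members[++n] = $2 }   # bridge member line
    END {
        # A member with no header line at all is reported too.
        for (i = 1; i <= n; i++)
            if (!up[members[i]]) print members[i]
    }'
}

# Constructed sample: the state before ifconfig_fxpN="up" was set.
sample_before() {
cat <<'EOF'
fxp0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether xx:xx:xx:xx:xx:xx
fxp1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether xx:xx:xx:xx:xx:xx
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
	member: fxp1 flags=3<LEARNING,DISCOVER>
	member: fxp0 flags=3<LEARNING,DISCOVER>
EOF
}

# Constructed sample: the state after both members were brought up.
sample_after() {
cat <<'EOF'
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
	member: fxp1 flags=3<LEARNING,DISCOVER>
	member: fxp0 flags=3<LEARNING,DISCOVER>
EOF
}

# On a live system: ifconfig | bridge_members_not_up
```

Empty output means every bridge member is administratively up; "status: no carrier" does not affect the result.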