On Wed, Oct 26, 2005 at 04:16:53PM -0500, Graham Toal wrote: > > Assuming that the problem turns out to be that the dhcp request for > > fxp1 is always routed out of fxp1 (makes sense, right?) what can I do > > to have it routed out the other interface via bridging? (Remembering > > that the solution has to work symmetrically, if in some other deployment > > it is the other of the two interfaces which can't see the DHCP server...) > > Confirmed that this is the problem. Two ways: 1) I changed /etc/netstart > to bring up the bridge before it configures the interfaces. Dirty, but > it works - and the internal interface still didn't manage to talk to > the dhcp server; and 2) I manually killed the dhclient process for fxp1 > once everything was running smoothly from a clean boot, and manually > started "dhclient -d fxp1" - and again, it did not talk to the dhcp > server even though the bridge was already running by that point for sure.. > > I could force the traffic from one interface to the other with pf > and a route-to option, but only if I know which interface the dhcp > server is connected to. Since I cannot make that assumption (it > depends on where in the network the bridge is inserted) I can't see > a solution. Well, short of some really hacky code to scan the output > of ifconfig -A, and rewrite a new version of pf.conf on the fly. > > Can anyone think of some ingenious rule for pf that will get me what > I need? This is the last significant stumbling block in a long > project to build a completely idiot-proof spam filter that works > just like a commercial appliance - plug it in and use it, no > config necessary. (Actually the *last* stumbling block will be > a completely idiot-proof installer - or a live CD - but I'll cross > that bridge when I come to it. No pun intended.) >
I'm still confused. Why do you need to succed in getting a DHCP address for _both_ interfaces? Wouldn't it be OK if jsut the one that hapened to face the DHCP server came up? This would still give you remote access. -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
