On 11.03.2022 at 10:20, T K wrote:
Hi list,

Please forgive me my incompetence, but I have no further idea how to manage the setup I am trying to arrange. I have a Fujitsu Futro box with 2 Ethernet cards, OpenBSD 7.0. I would like to set that box up as a filtering bridge. I guess it is quite a common schema:

Lan boxes(windows) ----> network switch----><re0-BRIDGE-bge0->---->network switch---->host1,host2,host3 etc.

Config is made according to manuals, the book of pf and so on:

/etc/hostname.bridge0: add re0 add bge0 blocknonip re0 blocknonip em0
/etc/hostname.re0: up;
/etc/hostname.bge0: up.

I also set sysctl.net.inet.ip.forwarding=1, as if it was necessary for NAT purposes. Both bridged segments are 10.0.1.0/24 subnets, any blocking/firewalling rules on hosts turned off.

If I understand the idea of a bridge, the whole traffic should be visible on both interfaces of it. I believe the traffic from the "lan-side" reaching my bridge on re0 should be visible on bge0 at the "host" side and the same backwards. As if it was another switch in the stack.

For testing purposes at the very beginning I set pf.conf: "set skip on { re0 bge0 lo0 }". When I tried to ping "host3" from "lan box" I got "host is down". Then I tried to ping stuff with pf disabled - no success. Same (no) effect with pass rules on both re0 and bge0. Finally I started the network without the "blocknonip" option in hostname.bridge0, and tried all pf combinations mentioned above. Still nothing, I get ICMP answers only from "lan boxes" connected to the switch on the "lan" side of the bridge but nothing gets "through" to the "host" side.

Please tell me what am I missing/misunderstanding...?

Thanks
Tomasz
Hi Tomasz,

> /etc/hostname.bridge0: add re0 add bge0 blocknonip re0 blocknonip em0

I don't know if it's a typo in the email, but you got em0 here.

Is bridge0 actually up? Start by trying ifconfig bridge0 up

Does tcpdump -ni bridge0 show anything?

Also, please post the full output of ifconfig

Best regards
-- 
Łukasz Moskała
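
The mismatch pointed out in the reply above (blocknonip applied to em0, which is never added to bridge0) can be checked mechanically. The following is an added example, not part of the original thread; the function name bridge_conf_unknown_members is hypothetical, and the option list it recognises is only a subset of the per-member bridge options documented in ifconfig(8).

```shell
#!/bin/sh
# Added example: list interfaces that a bridge hostname.if file configures
# (blocknonip, learn, ...) without ever adding them as bridge members.
# The function name and the option subset are assumptions for illustration.

# Print each interface named by a per-member option but missing from "add".
# The body runs in a subshell so its variables and "set -f" stay local.
bridge_conf_unknown_members() (
    set -f                      # no filename expansion while splitting words
    conf=$1
    members=""
    referenced=""
    prev=""
    # Drop comment lines and "!command" lines, then walk the words in order.
    for word in $(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*!' "$conf"); do
        case "$prev" in
            add)
                members="$members $word" ;;
            blocknonip|-blocknonip|discover|-discover|learn|-learn|stp|-stp)
                referenced="$referenced $word" ;;
        esac
        prev=$word
    done
    for ifname in $referenced; do
        case " $members " in
            *" $ifname "*) ;;                # configured and a member: fine
            *) printf '%s\n' "$ifname" ;;    # configured but never added
        esac
    done
)

# Sample input: the hostname.bridge0 contents quoted in the thread,
# written to a temporary file so the check runs offline.
sample=$(mktemp)
printf '%s\n' 'add re0 add bge0 blocknonip re0 blocknonip em0' > "$sample"
bridge_conf_unknown_members "$sample"    # prints: em0
rm -f "$sample"
```

An empty result means every interface that has a per-member option set was also added to the bridge.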