Kia ora, I am having a similar problem as discussed here:
http://kerneltrap.org/mailarchive/openbsd-misc/2010/8/24/6489 However I am running latest stable on sunfire v215 OpenBSD ufb-fw.ufb.net.nz 4.8 GENERIC#86 sparc64 I am running double NAT but unfortunately at this point it is the only option for this machine. My interfaces are configured: # cat /etc/hostname.bge0 dhcp up rtsol # cat /etc/hostname.bge1 up # cat /etc/hostname.bge2 up # cat /etc/hostname.bge3 up # cat /etc/hostname.vether0 inet 192.168.1.1 255.255.255.0 NONE description "bridge port with ip" # cat /etc/hostname.bridge0 description "bridge for internal" add vether0 add bge1 add bge2 add bge3 up # cat /etc/rc.conf.local ntpd_flags= # enabled during install dhcpd_flags="vether0" # ifconfig lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:14:4f:b1:b4:62 priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::214:4fff:feb1:b462%bge0 prefixlen 64 scopeid 0x1 inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255 bge1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:14:4f:b1:b4:63 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet6 fe80::214:4fff:feb1:b463%bge1 prefixlen 64 scopeid 0x2 bge2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:14:4f:b1:b4:64 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet6 fe80::214:4fff:feb1:b464%bge2 prefixlen 64 scopeid 0x3 bge3: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:14:4f:b1:b4:65 priority: 0 media: Ethernet autoselect (none) status: no carrier inet6 fe80::214:4fff:feb1:b465%bge3 prefixlen 64 scopeid 0x4 enc0: flags=0<> priority: 0 groups: enc status: active vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 lladdr fe:e1:ba:d0:e5:34 description: bridge port with ip priority: 0 groups: vether media: Ethernet autoselect status: active inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::fce1:baff:fed0:e534%vether0 prefixlen 64 scopeid 0x7 bridge0: flags=41<UP,RUNNING> description: bridge for internal groups: bridge priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp bge3 flags=3<LEARNING,DISCOVER> port 4 ifpriority 0 ifcost 0 bge2 flags=3<LEARNING,DISCOVER> port 3 ifpriority 0 ifcost 0 bge1 flags=3<LEARNING,DISCOVER> port 2 ifpriority 0 ifcost 0 vether0 flags=3<LEARNING,DISCOVER> port 7 ifpriority 0 ifcost 0 pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160 priority: 0 groups: pflog # Bridge is showing that it has learned the various mac addresses: # ifconfig bridge0 bridge0: flags=41<UP,RUNNING> description: bridge for internal groups: bridge priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp designated: id 00:00:00:00:00:00 priority 0 bge3 flags=3<LEARNING,DISCOVER> port 4 ifpriority 0 ifcost 0 bge2 flags=3<LEARNING,DISCOVER> port 3 ifpriority 0 ifcost 0 bge1 flags=3<LEARNING,DISCOVER> port 2 ifpriority 0 ifcost 0 vether0 flags=3<LEARNING,DISCOVER> port 7 ifpriority 0 ifcost 0 Addresses (max cache: 100, timeout: 240): 00:27:13:64:e3:df bge2 0 flags=0<> 08:00:27:5b:9d:b6 bge1 1 flags=0<> 00:0e:86:15:81:bf bge1 0 flags=0<> 00:0e:86:15:80:63 bge1 0 flags=0<> 00:0e:86:16:39:c4 bge1 0 flags=0<> 00:13:fa:04:ae:44 bge1 1 flags=0<> 48:5b:39:b5:b4:63 bge1 1 flags=0<> d8:5d:4c:e1:d3:16 bge1 1 flags=0<> 6c:62:6d:7b:c8:05 bge1 1 flags=0<> And daemon log is showing that vether0 is receiving dhcprequests and sending acks - but the acks never reach clients. I am able to statically add IP's on client and get them to work: (the .11 host in the routing table for example) # route show Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default SpeedTouch.lan UGS 61 4163 - 8 bge0 10.0.0/24 link#1 UC 1 0 - 4 bge0 ufb-fw.lan localhost UGHS 0 0 33160 8 lo0 SpeedTouch.lan 00:90:d0:72:87:38 UHLc 15 481 - 4 bge0 loopback localhost UGRS 0 0 33160 8 lo0 localhost localhost UH 2 0 33160 4 lo0 192.168.1/24 link#7 UC 1 0 - 4 vether0 192.168.1.11 48:5b:39:b5:b4:63 UHLc 1 6493 - L 4 vether0 And if I remove the bridge and use bge1 directly as the dhcpd interface clients get IP's (although strangely are unable to ping each other, but can ping the router and get internet). # cat /etc/dhcpd.conf option domain-name "ufb.net.nz"; option domain-name-servers 10.0.0.138; default-lease-time 2400; max-lease-time 7200; #subnet 10.37.0.0 netmask 255.255.255.0 { # range 10.37.0.50 10.37.0.254; # option routers 10.37.0.1; # option domain-name-servers 10.0.0.138; #} subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.10 192.168.1.100; option routers 192.168.1.1; option domain-name-servers 10.0.0.138; } # i've tried this with both a minimal permisive pf set and my normal (same results with both). # pfctl -s rules match out on bge0 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.0/24 nat-to (bge0) round-robin match out on bge0 inet proto udp from 192.168.1.0/24 to ! 192.168.1.0/24 nat-to (bge0) round-robin match out on bge0 inet proto icmp from 192.168.1.0/24 to ! 192.168.1.0/24 nat-to (bge0) round-robin pass in quick inet proto tcp from 0.0.0.0 to <tbl.r9998.d> port = ssh flags any keep state label "RULE 9998 -- ACCEPT " block drop in log quick on bge0 inet from <tbl.r9998.d> to any label "RULE 0 -- DROP " block drop in log quick on bge0 inet from 192.168.1.0/24 to any label "RULE 0 -- DROP " pass quick on lo inet all flags S/SA keep state label "RULE 1 -- ACCEPT " pass quick on vether0 inet from 192.168.1.0/24 to 192.168.1.0/24 flags S/SA keep state label "RULE 2 -- ACCEPT " pass in quick inet proto icmp from 192.168.1.0/24 to <tbl.r9998.d> keep state label "RULE 3 -- ACCEPT " pass in quick inet proto tcp from 192.168.1.0/24 to <tbl.r9998.d> port = ssh flags any keep state label "RULE 3 -- ACCEPT " pass in quick inet proto tcp from 192.168.1.0/24 to <tbl.r9998.d> port = domain flags any keep state label "RULE 3 -- ACCEPT " pass in quick inet proto udp from 192.168.1.0/24 to <tbl.r9998.d> port = domain keep state label "RULE 3 -- ACCEPT " pass in quick inet proto udp from <tbl.r4.s> to <tbl.r9998.d> port = bootpc keep state label "RULE 4 -- ACCEPT " pass in quick inet proto udp from <tbl.r4.s> to <tbl.r9998.d> port = bootps keep state label "RULE 4 -- ACCEPT " pass quick inet proto udp from <tbl.r4.sx> to 255.255.255.255 port = bootpc keep state label "RULE 4 -- ACCEPT " pass quick inet proto udp from <tbl.r4.sx> to 255.255.255.255 port = bootps keep state label "RULE 4 -- ACCEPT " pass out quick inet proto udp from <tbl.r9998.d> to 192.168.1.0/24 port = bootpc keep state label "RULE 5 -- ACCEPT " pass out quick inet proto udp from <tbl.r9998.d> to 192.168.1.0/24 port = bootps keep state label "RULE 5 -- ACCEPT " pass out quick inet proto icmp from <tbl.r9998.d> to any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> port = ftp-data to any port >= 1024 flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> to any port = domain flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> to any port = www flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> to any port = https flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> to any port = ssh flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> to any port = ftp flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto tcp from <tbl.r9998.d> to any port = ftp-data flags any keep state label "RULE 6 -- ACCEPT " pass out quick inet proto udp from <tbl.r9998.d> to any port = domain keep state label "RULE 6 -- ACCEPT " block drop in log quick inet from any to <tbl.r9998.d> label "RULE 7 -- DROP " pass quick inet from 192.168.1.0/24 to any flags S/SA keep state label "RULE 8 -- ACCEPT " block drop log quick inet all label "RULE 9 -- DROP " block drop quick inet all label "RULE 10000 -- DROP " # I am really tearing my hair out on this one - best I can understand there appears to be some sort of arp dropping/blocking somewhere. console is /e...@1f,464000/ser...@2,80 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2010 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.8 (GENERIC) #86: Mon Aug 16 09:09:34 MDT 2010 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC real mem = 1073741824 (1024MB) avail mem = 1044054016 (995MB) mainbus0 at root: Sun Fire V215 cpu0 at mainbus0: SUNW,UltraSPARC-IIIi (rev 3.4) @ 1504 MHz cpu0: physical 32K instruction (32 b/l), 64K data (32 b/l), 1024K external (64 b/l) "memory-controller" at mainbus0 not configured pyro0 at mainbus0: "Fire", rev 3, ign 780, bus A 2 to 13 pyro0: dvma map c0000000-ffffffff pci0 at pyro0 ppb0 at pci0 dev 0 function 0 "PLX PEX 8532" rev 0xbb pci1 at ppb0 bus 3 ppb1 at pci1 dev 1 function 0 "PLX PEX 8532" rev 0xbb pci2 at ppb1 bus 4 ppb2 at pci2 dev 0 function 0 "Acer Labs M5249 PCI-PCI" rev 0x00 pci3 at ppb2 bus 5 ohci0 at pci3 dev 28 function 0 "Acer Labs M5237 USB" rev 0x03: ivec 0x780, version 1.0, legacy support ohci1 at pci3 dev 28 function 1 "Acer Labs M5237 USB" rev 0x03: ivec 0x780, version 1.0, legacy support ehci0 at pci3 dev 28 function 3 "Acer Labs M5239 USB2" rev 0x01: ivec 0x781 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Acer Labs EHCI root hub" rev 2.00/1.00 addr 1 ebus0 at pci3 dev 30 function 0 "Acer Labs M1575 ISA" rev 0x00 rtc0 at ebus0 addr 70-73: m5823 pciide0 at pci3 dev 31 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc8: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0x784 for native-PCI interrupt pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) usb1 at ohci0: USB revision 1.0 uhub1 at usb1 "Acer Labs OHCI root hub" rev 1.00/1.00 addr 1 usb2 at ohci1: USB revision 1.0 uhub2 at usb2 "Acer Labs OHCI root hub" rev 1.00/1.00 addr 1 ppb3 at pci1 dev 2 function 0 "PLX PEX 8532" rev 0xbb: ivec 0x794 pci4 at ppb3 bus 6 ppb4 at pci1 dev 8 function 0 "PLX PEX 8532" rev 0xbb: ivec 0x794 pci5 at ppb4 bus 7 ppb5 at pci1 dev 9 function 0 "PLX PEX 8532" rev 0xbb pci6 at ppb5 bus 8 ppb6 at pci6 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xb5 pci7 at ppb6 bus 9 bge0 at pci7 dev 4 function 0 "Broadcom BCM5714" rev 0xa3, BCM5715 A3 (0x9003): ivec 0x795, address 00:14:4f:b1:b4:62 brgphy0 at bge0 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0 bge1 at pci7 dev 4 function 1 "Broadcom BCM5714" rev 0xa3, BCM5715 A3 (0x9003): ivec 0x796, address 00:14:4f:b1:b4:63 brgphy1 at bge1 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0 ppb7 at pci7 dev 8 function 0 "ServerWorks HT-1000 PCIX" rev 0xb4 pci8 at ppb7 bus 10 ppb8 at pci1 dev 10 function 0 "PLX PEX 8532" rev 0xbb pci9 at ppb8 bus 11 ppb9 at pci9 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xb5 pci10 at ppb9 bus 12 bge2 at pci10 dev 4 function 0 "Broadcom BCM5714" rev 0xa3, BCM5715 A3 (0x9003): ivec 0x796, address 00:14:4f:b1:b4:64 brgphy2 at bge2 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0 bge3 at pci10 dev 4 function 1 "Broadcom BCM5714" rev 0xa3, BCM5715 A3 (0x9003): ivec 0x797, address 00:14:4f:b1:b4:65 brgphy3 at bge3 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0 ppb10 at pci10 dev 8 function 0 "ServerWorks HT-1000 PCIX" rev 0xb4 pci11 at ppb10 bus 13 mpi0 at pci11 dev 1 function 0 "Symbios Logic SAS1064" rev 0x02: ivec 0x78f scsibus0 at mpi0: 63 targets sd0 at scsibus0 targ 0 lun 0: <SEAGATE, ST973402SSUN72G, 0603> SCSI3 0/direct fixed sd0: 70007MB, 512 bytes/sec, 143374738 sec total pyro1 at mainbus0: "Fire", rev 3, ign 7c0, bus B 2 to 255 pyro1: dvma map c0000000-ffffffff pci12 at pyro1 ebus1 at mainbus0: ign 7c0 "flashprom" at ebus1 addr 0-1fffff not configured com0 at ebus1 addr 80-87 ivec 0x8: ns16550a, 16 byte fifo com0: console com1 at ebus1 addr 40-47 ivec 0x9: ns16550a, 16 byte fifo "rmc-comm" at ebus1 addr 0-7 ivec 0xa not configured "gpio" at ebus1 addr c0-c0 not configured led0 at ebus1 addr 0-80: rev 0x5a power0 at ebus1 addr 40-c1 ivec 0x3 "i2c" at mainbus0 not configured softraid0 at root bootpath: /p...@1e,600000/p...@0,0/p...@a,0/p...@0,0/p...@8,0/s...@1,0/d...@0,0 root on sd0a swap on sd0b dump on sd0b Any help/suggestions, greatly appreciated. Kind regards -JoelW
