Oh my...
After a lot of testing I think I am very close (I hope) to a working solution.
In short I got back to something close to what David suggested regarding proxy arp
but I cannot find the commarp package, so for the arp problem I just use static
arp entries
in different rdomain
em0 -> rdomain 1 + static arp en
Hi Tom,
I am just about trying your suggestion but I'm confused regarding one thing.
You mentioned
" then in openBSD Bridge you can add em0 and em1 to the same protected port
group eg 3"
Do you mean em0 and em1 should be isolated from each other?
Then how is em0 supposed to communicate with em1?
Th
Hi Christian,
if you have Port 20 and 21 isolated from each other ... ie in the same
protected port group 0 on the switch...
and ports 1-19 in a separate protected port group eg 1
ports 1-19 can talk to either 20 or 21
and ports 20-21 cannot talk to each other (loop avoidance)
then in openBSD Bri
Thank you so much Tom and David for giving me ideas where I can dig more.
Definitely it is a good start in this journey and I am researching more.
I have the exact same situation with Wireless, for the moment all the clients are
isolated but I need to achieve the same, to filter between them.
I am eval
Hey David...
(I have learned so much from you over the years and used your gear so maybe
I can give a little back on this one)
"Correct use of Proxy arp" Gateway of layer 2 isolated network...
clients cannot see or hear each other's arp traffic or discovery traffic or
other broadcast nasties
so g
> On 25 Jan 2023, at 10:03, Martin Schröder wrote:
>
> On Wed, 25 Jan 2023 at 00:45, David Gwynne wrote:
>> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
>> and just routing on em0. I don’t think any layer 2 things like bridge or veb
>> are needed, and
On Wed, 25 Jan 2023 at 00:45, David Gwynne wrote:
> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
> and just routing on em0. I don’t think any layer 2 things like bridge or veb
> are needed, and probably won’t work anyway because as Claudio said, they
> don
> On 25 Jan 2023, at 09:47, Tom Smyth wrote:
>
> Hi David is that like a local proxy arp type setup (on typical
> networking gear) .. ?
I’ve never had a clear idea about what proxy ARP is, and the only time it comes
up in conversation is when people complain about problems it causes. Do you
Hi David is that like a local proxy arp type setup (on typical
networking gear) .. ?
On Tue, 24 Jan 2023 at 23:45, David Gwynne wrote:
>
> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
> and just routing on em0. I don’t think any layer 2 things like bridge or veb
I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
and just routing on em0. I don’t think any layer 2 things like bridge or veb
are needed, and probably won’t work anyway because as Claudio said, they don’t
want to hairpin anyway.
That code doesn’t have any manpages un
I agree with Claudio re Hairpin issue...
perhaps an alternate setup would be to use 2 vlans on the switch on
the uplink of the openbsd box
(to avoid the hair pin on a physical interface) but care needs to be
taken when bridging between the two vlans as 2x mac table usage will
occur ... ie mac addre
Hi Tom,
I am familiar with options you mentioned, veb, bridge and isolated ports.
I am having another transparent filter based on veb, also I am aware of
protected members but my use case is different.
Let me try to explain maybe with different words.
OpenBSD box is having only one cable input,
On Tue, Jan 24, 2023 at 11:43:08AM +, Tom Smyth wrote:
> Hello Cristian,
> if you want to filter on layer 2 ... you would need to use Bridge
> have a look at man ifconfig(8)
> bridge filter rules can be added to ports in the bridge...
> you can also tag traffic in bridge filter rules and t
Hello Cristian,
if you want to filter on layer 2 ... you would need to use Bridge
have a look at man ifconfig(8)
bridge filter rules can be added to ports in the bridge...
you can also tag traffic in bridge filter rules and then use PF to
filter them...
but if your objective is to isolate por
14 matches