(fwd) Re: DummyNet & Bridging w/ipfw Question (fwd)

Andrey Gerzhov (kittle@freeland.alex-ua.com)
Sat, 9 Jan 1999 14:24:46 +0200 (EET)

-- forwarded message --
Path: freeland.alex-ua.com!news.alexradio.kiev.ua!not-for-mail
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-ID: <199901082055.VAA12691@labinfo.iet.unipi.it>
Subject: Re: DummyNet & Bridging w/ipfw Question (fwd)
To: net@FreeBSD.ORG
Date: Fri, 8 Jan 1999 21:55:50 +0100 (MET)
Newsgroups: alex.gated.freebsd.net
Lines: 40
Xref: freeland.alex-ua.com alex.gated.freebsd.net:530

This is going to be a recurrent question lately so maybe a reminder is
worthwhile.

> I have the full version of freeBSD 2.2.8 complete with IPFW and DummyNet
> options installed on a PC acting as a filter and bridge between two
> segments. My last problem to solve is that arp requests are not getting
> sent (in either direction) through the bridge. Unicast packets get sent,

OK, I know why. You need to put
option IPFIREWALL_DEFAULT_TO_ACCEPT
in your kernel config, and if you want a closed firewall you put a rule

65534 deny ip from any to any

This is because ipfw is very IP-centric and all non-matching packets
(this includes ARP) are subject to the default rule #65535.

The above solves the problem, waiting for a better solution (in the
form of ipfw extensions to match non-ip packets).

Also note that bridge+ipfw at the moment has some glitches because
of a few missing ntohs() calls on the ip_off field of the IP header
(ipfw expects some fields including this to be in host order).
Symptoms are that packets with a DF bit set are mistaken as fragments
and may match other rules than those intended. A fix (trivial) is
in the works.

cheers
luigi
-----------------------------------+-------------------------------------
Luigi RIZZO                        .
EMAIL: luigi@iet.unipi.it          . Dip. di Ing. dell'Informazione
HTTP://www.iet.unipi.it/~luigi/    . Universita` di Pisa
TEL/FAX: +39-050-568.533/522       . via Diotisalvi 2, 56126 PISA (Italy)
-----------------------------------+-------------------------------------

-- end of forwarded message --

-- 
With what will never hurt,
                                               Kittle
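A toy model of the two behaviours Luigi describes, added here as an example and not code from FreeBSD or from the original post: the rule walk where a non-IP frame (ARP) matches nothing and lands on default rule 65535, and the ip_off misread caused by the missing ntohs(). The function names, rule numbers and packets are constructed, and the misread assumes a little-endian host such as i386.

```python
import struct

IP_OFFMASK = 0x1FFF   # fragment-offset bits of ip_off; DF is 0x4000, MF is 0x2000
ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806

# Constructed ruleset: one "allow ip ... to 192.168.1.10" and the closing
# "65534 deny ip from any to any" from the post. Neither predicate can match
# a non-IP frame, which is exactly the ARP problem.
RULES = [
    (100, "allow", lambda p: p["ethertype"] == ETHERTYPE_IP and p["dst"] == "192.168.1.10"),
    (65534, "deny", lambda p: p["ethertype"] == ETHERTYPE_IP),
]

# Constructed frames as seen by the bridge.
ARP_REQUEST = {"ethertype": ETHERTYPE_ARP}
IP_TO_HOST = {"ethertype": ETHERTYPE_IP, "dst": "192.168.1.10"}
IP_OTHER = {"ethertype": ETHERTYPE_IP, "dst": "10.9.9.9"}

def ipfw_check(rules, pkt, default_to_accept):
    """Walk rules in number order; the first match decides. Anything that
    matches no rule hits #65535, whose action is fixed at kernel build
    time by IPFIREWALL_DEFAULT_TO_ACCEPT (hypothetical model of ip_fw_chk)."""
    for num, action, matches in sorted(rules, key=lambda r: r[0]):
        if matches(pkt):
            return num, action
    return 65535, ("allow" if default_to_accept else "deny")

def is_fragment(ip_off_wire, ntohs_applied):
    """ip_off as the 2 wire bytes (network order). ipfw tests the host-order
    value; if ntohs() is skipped, a little-endian host reads the bytes
    swapped, so DF (0x4000) becomes 0x0040 and looks like a fragment offset."""
    if ntohs_applied:
        (host,) = struct.unpack(">H", ip_off_wire)
    else:
        (host,) = struct.unpack("<H", ip_off_wire)   # the bug: raw little-endian load
    return (host & IP_OFFMASK) != 0

if __name__ == "__main__":
    for dflt in (False, True):
        print("default_to_accept=%s ARP ->" % dflt, ipfw_check(RULES, ARP_REQUEST, dflt))
    print("IP to other host ->", ipfw_check(RULES, IP_OTHER, True))
    print("DF packet, ntohs ok   ->", is_fragment(b"\x40\x00", True))
    print("DF packet, ntohs missing ->", is_fragment(b"\x40\x00", False))
```

With the default-deny kernel the ARP request is dropped at #65535; with IPFIREWALL_DEFAULT_TO_ACCEPT it passes while IP traffic is still closed off by #65534, and the DF-only packet is classified as a fragment only when the byte swap is skipped.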