On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
>
> I believe I am seeing similar problems to you, though uptime for me is
> generally measurable in days rather than minutes. I've found that
> adding an explicit "allow all from any to any" and then removing it
> again seems to get it working. I will test your solution when mine
> fails again.
>
> The comment about arp is an interesting one, I will see what I can find
> out. I have however seen situations where (eg) UDP DNS through the
> bridge works but web traffic or terminal services etc may not.
>
> If you want to share firewall rules and other configuration with me
> off-list to see if there are any similarities I'd be happy to help.
>

It appears that the solution is obtained by adding the rule:

    allow ip from any to any layer2 mac-type arp

to the beginning of the firewall list. IPFW2 drops non-IP traffic
whereas IPFW1 passes it through. This is the reason why my configuration
stopped working after the upgrade.

Joe
-- 
Josef Karthauser (joe_at_tao.org.uk)        http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)     http://www.uk.FreeBSD.org/
Physics Particle Theory (student)   http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
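
The placement requirement in the message above ("to the beginning of the firewall list") can be checked mechanically. The following is an added example, not part of the original post: it reads a ruleset in "number action body" form and reports whether a layer2 ARP allow rule precedes the first deny-type rule. The function name, the assumed listing layout and both sample rulesets are constructed for illustration, and treating "before the first deny" as the test is a simplification.

```shell
#!/bin/sh
# Added example (not from the original post). Reads ruleset lines on stdin,
# assumed to look like "NUMBER ACTION BODY". Prints the number of the first
# layer2 ARP allow rule and returns 0 if it comes before any deny-type rule.
arp_rule_before_deny() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip blank lines and comments
        {
            action = $2
            # allow/accept/pass/permit are synonyms in ipfw(8)
            if ((action == "allow" || action == "accept" ||
                 action == "pass"  || action == "permit") &&
                $0 ~ /(^| )layer2( |$)/ &&
                $0 ~ /mac-type (arp|0x0806)( |,|$)/) {
                print $1; found = 1; exit
            }
            # First match wins, so stop at the first rule that rejects traffic
            if (action == "deny" || action == "drop" || action == "reject" ||
                action == "unreach" || action == "reset") { exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: a bridge ruleset with no ARP rule.
ruleset_before() {
cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 allow tcp from any to any established
65535 deny ip from any to any
EOF
}

# Constructed sample: the rule from the post placed at the beginning.
ruleset_after() {
cat <<'EOF'
00050 allow ip from any to any layer2 mac-type arp
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65535 deny ip from any to any
EOF
}

for r in ruleset_before ruleset_after; do
    if n=$($r | arp_rule_before_deny); then
        echo "$r: ARP allowed by rule $n"
    else
        echo "$r: no layer2 ARP allow rule before the first deny"
    fi
done
```
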
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:34 UTC