Michael, good day.

Wed, Sep 24, 2008 at 10:10:28AM -0400, Michael Proto wrote:
> > Ran into a strange problem the other day, hoping someone can shed some
> > light on this. Updated 8-CURRENT from 6/14 to 9/02 and noticed a strange
> > thing with my if_bridge interface. It appears as though the sysctls for
> > determining where to enable/disable filtering don't seem to be working.
> >
> > My router has an IP, 1.2.3.4/24 on its vr2 interface, which is bridged
> > to a second vr1 interface for my 3 other static IPs.
> >
> > /etc/rc.conf:
> > ifconfig_vr2="inet 1.2.3.4 netmask 255.255.255.0"
> > ifconfig_vr1="up"
> > cloned_interfaces="bridge0"
> > ifconfig_bridge0="addm vr2 addm vr1 up"
> >
> > /etc/sysctl.conf:
> > net.link.bridge.pfil_member=1
> > net.link.bridge.pfil_bridge=0
> >
> > Based on what I've read from the man pages (and how it worked before),
> > this should enable filtering on the vr2 and vr1 interfaces, and not the
> > bridge0 interface. After updating to 8-CURRENT 9/02 it appears that
> > these sysctl settings no longer matter, and filtering is enabled on both
> > the bridge and member interfaces. I ultimately had to tweak my
> > /etc/pf.conf and set all my inbound-from-the-Internet vr2 rules to
> > reference bridge0 instead. Outbound rules still use vr2, and I've
> > flipped both sysctl settings with no change in behavior. Traffic flows
> > now, but it appears these sysctls are not working as they should, or I'm
> > really missing something.

Could you please post your ifconfig output?

-- 
Eygene

Remember that it is hard to read the on-line manual
while single-stepping the kernel.
  -- FreeBSD Developers handbook