Re: sysctls and if_bridge

From: Michael Proto <mike_at_jellydonut.org>
Date: Wed, 24 Sep 2008 10:45:23 -0400
On Wed, Sep 24, 2008 at 10:36 AM, Eygene Ryabinkin <rea-fbsd_at_codelabs.ru> wrote:

> Michael, good day.
>
> Wed, Sep 24, 2008 at 10:10:28AM -0400, Michael Proto wrote:
> > > Ran into a strange problem the other day, hoping someone can shed some
> > > light on this. Updated 8-CURRENT from 6/14 to 9/02 and noticed a strange
> > > thing with my if_bridge interface. It appears as though the sysctls for
> > > determining where to enable/disable filtering don't seem to be working.
> > >
> > > My router has an IP, 1.2.3.4/24 on its vr2 interface, which is bridged
> > > to a second vr1 interface for my 3 other static IPs.
> > >
> > > /etc/rc.conf:
> > > ifconfig_vr2="inet 1.2.3.4 netmask 255.255.255.0"
> > > ifconfig_vr1="up"
> > > cloned_interfaces="bridge0"
> > > ifconfig_bridge0="addm vr2 addm vr1 up"
> > >
> > > /etc/sysctl.conf:
> > > net.link.bridge.pfil_member=1
> > > net.link.bridge.pfil_bridge=0
> > >
> > > Based on what I've read from the man pages (and how it worked before),
> > > this should enable filtering on the vr2 and vr1 interfaces, and not the
> > > bridge0 interface. After updating to 8-CURRENT 9/02 it appears that
> > > these sysctl settings no longer matter, and filtering is enabled on both
> > > the bridge and member interfaces. I ultimately had to tweak my
> > > /etc/pf.conf and set all my inbound-from-the-Internet vr2 rules to
> > > reference bridge0 instead. Outbound rules still use vr2, and I've
> > > flipped both sysctl settings with no change in behavior. Traffic flows
> > > now, but it appears these sysctls are not working as they should, or I'm
> > > really missing something.
>
> Could you please post your ifconfig output?
> --
> Eygene
>  _                ___       _.--.   #
>  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
>  /  ' `         ,       __.--'      #  to read the on-line manual
>  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
>  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
>     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
>    {_.-``-'         {_/            #
>
Sure! Here you go, and thanks! Bear in mind I'm using interface naming in
/etc/rc.conf. lan, dmz, and wan are all vr interfaces, and wifi is a vap
interface "cloned" from ath0.


lan: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:0d:b9:12:99:68
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
dmz: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:0d:b9:12:99:69
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
wan: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:0d:b9:12:99:6a
        inet 20.30.40.50 netmask 0xffffff00 broadcast 20.30.40.255
        media: Ethernet 100baseTX <full-duplex>
        status: active
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:80:48:7e:4c:e3
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:12:99:6a
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: dmz flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 200000
        member: wan flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 55
wifi: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:80:48:7e:4c:e3
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid BingoNightly channel 11 (2462 Mhz 11g) bssid 00:80:48:7e:4c:e3
        country US ecm authmode WPA2/802.11i privacy MIXED deftxkey 2
        AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 17 scanvalid 60
        protmode CTS wme burst dtimperiod 1 -dfs
-Proto
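The thread above turns on where net.link.bridge.pfil_member and net.link.bridge.pfil_bridge make the bridge run pf, and on which interface names the "in on" rules must therefore use. As an added example (not code from the thread or from FreeBSD), the script below derives the expected set of filtering interfaces from ifconfig(8) bridge output and the two sysctl values, then flags inbound rules that name an interface outside that set. The sample bridge output and ruleset are constructed here, modelled on the output in this thread.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes the if_bridge(4) semantics
# quoted above: pfil_member=1 filters on the members, pfil_bridge=1 on bridge0.

# Usage: bridge_filter_ifaces PFIL_MEMBER PFIL_BRIDGE BRIDGE_IF < ifconfig-output
# Prints the interfaces the bridge will filter on under those two sysctls.
bridge_filter_ifaces() {
    pfil_member=$1; pfil_bridge=$2; bridge_if=$3
    members=$(awk '$1 == "member:" { print $2 }' | tr '\n' ' ')
    out=""
    [ "$pfil_member" = "1" ] && out="$members"
    [ "$pfil_bridge" = "1" ] && out="$out$bridge_if "
    printf '%s\n' "${out% }"
}

# Usage: rules_missing_hook "IF1 IF2 ..." < ruleset   (ruleset as from pfctl -sr)
# Prints each "pass/block in on <if>" rule whose <if> is not in the list, i.e.
# an inbound rule the bridge's filtering pass will not feed under the current
# sysctls. Only "in" rules are checked; the thread reports that outbound rules
# on the member kept working.
rules_missing_hook() {
    awk -v ok="$1" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) hooked[a[i]] = 1 }
        /^(pass|block) +in / {
            for (i = 1; i < NF; i++)
                if ($i == "on" && !($(i + 1) in hooked)) { print; break }
        }'
}

# Constructed sample input, modelled on the bridge0 output in this thread.
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: dmz flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 200000
        member: wan flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 55'
# Constructed ruleset: an inbound rule on the member beside the bridge0 rule
# the thread rewrote it to, plus an outbound rule on the member.
SAMPLE_RULES='pass in on wan inet proto tcp from any to 20.30.40.50 port = 80 flags S/SA keep state
pass in on bridge0 inet proto tcp from any to 20.30.40.50 port = 80 flags S/SA keep state
pass out on wan inet all flags S/SA keep state'

# With the thread's settings (pfil_member=1, pfil_bridge=0) only the members
# filter, so the bridge0 rule is the one left without a hook.
printf '%s\n' "$SAMPLE_BRIDGE" | bridge_filter_ifaces 1 0 bridge0   # dmz wan
printf '%s\n' "$SAMPLE_RULES"  | rules_missing_hook "dmz wan"
```

On a live host, feed the functions real data: `ifconfig bridge0 | bridge_filter_ifaces "$(sysctl -n net.link.bridge.pfil_member)" "$(sysctl -n net.link.bridge.pfil_bridge)" bridge0` and `pfctl -sr | rules_missing_hook "<that output>"`.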
Received on Wed Sep 24 2008 - 12:45:34 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:35 UTC