forwarding didn't work if wlan0 is member of a bridge

From: Olivier Cochard-Labbé <olivier_at_cochard.me>
Date: Wed, 23 Dec 2015 11:31:58 +0100

Hi,

If the wlan0 interface is a member of a bridge, FreeBSD doesn't manage to
forward packets back to the wireless client.

My setup is this one:

internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0] <--> wireless client

and the problem description:
 - Wireless clients don't receive any packets back: the fbsd-router blocks
answers because it thinks wireless clients are "unreachable".
 - But wireless clients can reach all IPs of the fbsd-router itself without
problem, and the fbsd-router can ping them too.
 - Ethernet clients connected to the same bridge0 don't have the problem.

A tcpdump on the outgoing interface shows the fbsd-router correctly
receiving/NATing/forwarding the wireless-client packet (10.239.142.104
natted to 192.168.100.70) toward the Internet-gateway (192.168.100.254),
but once it has received the response from the internet-gateway, it is not
able to reach the wireless-client (unreachable):
[fbsd-router]~> sudo tcpdump -pni net0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:35:24.869560 IP 192.168.100.70 > 192.168.100.254: ICMP echo request, id 1, seq 375, length 40
07:35:24.869772 IP 192.168.100.254 > 192.168.100.70: ICMP echo reply, id 1, seq 375, length 40
07:35:24.870314 IP 192.168.100.70 > 192.168.100.254: ICMP host 10.239.142.104 unreachable, length 36

But directly from the fbsd-router, there is no problem for reaching the
wireless-client:
[fbsd-router]~> ping wireless-client
PING 10.239.142.104 (10.239.142.104): 56 data bytes
64 bytes from 10.239.142.104: icmp_seq=0 ttl=128 time=2.633 ms
64 bytes from 10.239.142.104: icmp_seq=1 ttl=128 time=1.614 ms

I'm using a bridge because I need to use only one subnet for all my clients
(ethernet and wifi):
[fbsd-router]~> ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:82:9f:45:81:00
        inet 10.239.142.126 netmask 0xffffffe0 broadcast 10.239.142.127
        nd6 options=49<PERFORMNUD,IFDISABLED,NO_RADR>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 33333
        member: net1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55

And this "unreachable" problem is related to the bridge: if I remove
wlan0 from the bridge, there is no more problem.

What problem can cause FreeBSD to answer back "unreachable" when wlan0 is
a member of a bridge?

Head versions tested: r290522, r291362, r292613.

Thanks,
Received on Wed Dec 23 2015 - 09:32:20 UTC
