Hello,
I'm trying to set up a very simple bridge on my FreeBSD 7.2 machine.
The eventual goal is to use pf to filter the bridge, so I have a transparent firewall.
My first stage was to set up a simple bridge, let everything pass, and then start locking it down via pf, but I can't get the box to pass packets properly via the bridge.
I'm not even worrying about the pf side of things at the moment, I just want to move packets between both members of the bridge.
This is the network:
em0 - WAN side - I have 255 IPs, let's call them 1.2.3.0-1.2.3.255
em1 - LAN side
msk0 - LAN side, management IP
1.2.3.1 is the DSL router on the WAN side
My rc.conf has this:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"
ifconfig_em0="up"
ifconfig_em1="up"
The bridge0 interface is created properly, and the interfaces are up.
At this point, attempting to ping any WAN addresses doesn't work - due to no route to host, which isn't entirely surprising, as I don't have any routing info.
I think the way around this is to assign an IP to the bridge0 interface? When I assign a WAN address to the bridge0 interface (say 1.2.3.3), I can ping any other LAN addresses on my LAN (say 1.2.3.2 which is a different machine), but I can't ping any WAN addresses on the network like the 1.2.3.1 router.
Pings to 1.2.3.1 just hang, no "no route to host" type messages. arp -a lists the proper MAC address for 1.2.3.1 but it takes a long time to resolve. It does say that 1.2.3.1 is on bridge0, along with 1.2.3.3 (the IP I assigned to the bridge), and 1.2.3.2 (the other physical machine).
This means I'm dead in the water for getting out on the internet.
The box is clean, not been frigged with. I had some simple NAT with pf running earlier, so I know it can route internet traffic, but that's all off right now.
I think I'm just not understanding something here, maybe trying to do the impossible. Anyone see the error in my method? What should I do next in terms of troubleshooting? Thanks.