[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bridge firewall : a caveat
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: bridge firewall : a caveat
- From: Camiel Dobbelaar <cd_(_at_)_sentia_(_dot_)_nl>
- Date: Mon, 20 Nov 2000 10:13:20 +0100
I've run arpwatch on bridges too, and I don't remember any problems...
If you gave both (or more) member interfaces on your bridge an IP
address, I can imagine that arpwatch can get into trouble. Traffic
generated on the bridge itself goes through some weird hoops to get to
the correct interface.
Try to run arpwatch on interface bridge0. (a while ago I commited a
patch to be able to run arpwatch on interfaces without an IP address
> From: Nicholas Merrill <lists_(_at_)_mojo_(_dot_)_calyx_(_dot_)_net>
> On Thu, 16 Nov 2000, Philipp Schott wrote:
> > i love the idea of a bridge firewall and i'd like to build one for one
> > of our student's pools.
> > is there anybody out there using such a thing? any caveats? pros & cons?
> we have used them
> one caveat is that if you run bridging AFAIK you can't run arpwatch
> from the ports tree, or else you will be inundated with emails telling
> you that the two interfaces have flip-flopped
> I would love to be proven wrong on this BTW
Visit your host, monkey.org