
Re: bridge firewall : a caveat



I've run arpwatch on bridges too, and I don't remember any problems...

If you gave both (or more) member interfaces on your bridge an IP
address, I can imagine that arpwatch can get into trouble. Traffic
generated on the bridge itself goes through some weird hoops to get to
the correct interface.

Try to run arpwatch on interface bridge0. (A while ago I committed a
patch to be able to run arpwatch on interfaces without an IP address
assigned.)

--
Cam

> From: Nicholas Merrill <lists_(_at_)_mojo_(_dot_)_calyx_(_dot_)_net>
> On Thu, 16 Nov 2000, Philipp Schott wrote:
> 
> > i love the idea of a bridge firewall and i'd like to build one for one
> > of our student's pools.
> > is there anybody out there using such a thing? any caveats? pros & cons?
> 
> we have used them
> 
> one caveat is that if you run bridging AFAIK you can't run arpwatch
> from the ports tree, or else you will be inundated with emails telling
> you that the two interfaces have flip-flopped
> 
> I would love to be proven wrong on this BTW



