
(Long) Re: Bridge not bridging



Thanks for the responses so far, now that I've finished swapping all the 18GB drives in my main server's RAID for 36GBs & dealing with the DSL non-install I can get back to this. Let me better state what steps I've taken. Originally, my coworker followed the steps outlined in the openlysecure.org how-to document with appropriate modifications for the 3rd NIC. After this part:

-----
First let's make sure your network is in a state that we can work with. Execute the following commands. Damn the torpedoes and ignore any error messages.


ifconfig dc0 delete
ifconfig dc1 delete
ifconfig dc0 up
ifconfig dc1 up

This gets rid of any prior configuration of your interfaces and just sets them both to UP, with nothing else configured. This way an old IP address setting doesn't cause a mysterious conflict later.


Now let's add the interfaces to the bridge:

brconfig bridge0 add dc0 add dc1 up

Guess what? You're bridging... that's all there is to it!
-----

I'm not bridging, there's more to it than that. Someone please correct me if I'm wrong, but AppleTalk should be perfect for testing the bridge: open the Chooser & broadcast, responses should come in. I am, of course, also testing with IP. Both fail. The test setup is as follows:

|-----|   |-----|   |------|   |-----|   |-----|
|  I  |   |  C  |<->| fxp0 |   |  I  |   |  P  |
|  n  |   |  o  |   |      |   |  n  |   |  o  |
|  t  |   |  r  |   | fxp1 |<->|  t. |   |  w  |
|  e  |   |  e  |   |      |   |     |<->|  e  |
|  r  |<->|     |   |      |   |  H  |   |  r  |
|  n  |   |  H  |<->| dc0  |   |  u  |   |  B  |
|  e  |   |  u  |   |      |   |  b  |   |  o  |
|  t  |   |  b  |   |      |   |     |   |  o  |
|-----|   |-----|   |------|   |-----|   |--k--|

Here's the next to last thing I tried:

berlin:kit {1} ifconfig fxp0 down
berlin:kit {2} ifconfig fxp1 down
berlin:kit {3} brconfig bridge0 down
berlin:kit {4} cd /etc
berlin:etc {5} rm hostname.f*
rm: No match.
berlin:etc {6} rm bridgename*
berlin:etc {7} bridgeconfig -a
bridgeconfig: Command not found.
berlin:etc {8} brconfig -a
bridge0: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
                fxp1 flags=3<LEARNING,DISCOVER>
                        port 2 priority 128
                fxp0 flags=3<LEARNING,DISCOVER>
                        port 1 priority 128
        Addresses (max cache: 100, timeout: 240):
bridge1: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
        Addresses (max cache: 100, timeout: 240):
berlin:etc {9} brconfig bridge0 delete fxp0
berlin:etc {10} brconfig bridge0 delete fxp1
berlin:etc {11} brconfig -a
bridge0: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
        Addresses (max cache: 100, timeout: 240):
bridge1: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
        Addresses (max cache: 100, timeout: 240):
berlin:etc {12} echo "up" > hostname.fxp0
berlin:etc {13} echo "up" > hostname.fxp1
berlin:etc {14} brconfig bridge0 add fxp0 add fxp1 up
berlin:etc {15} echo "add fxp0 add fxp1 up" bridgename.bridge0
add fxp0 add fxp1 up bridgename.bridge0

#I fixed this later, no change

berlin:etc {16} brconfig -a
bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
                fxp1 flags=3<LEARNING,DISCOVER>
                        port 2 priority 128
                fxp0 flags=3<LEARNING,DISCOVER>
                        port 1 priority 128
        Addresses (max cache: 100, timeout: 240):
bridge1: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
        Addresses (max cache: 100, timeout: 240):
berlin:etc {17} ifconfig -a
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
fxp0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX)
        status: active
        inet6 fe80::2d0:b7ff:fec3:c2f0%fxp0 prefixlen 64 scopeid 0x1
fxp1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (10baseT)
        status: active
        inet6 fe80::2d0:b7ff:fec5:7b71%fxp1 prefixlen 64 scopeid 0x2
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX)
        status: active
        inet6 fe80::200:94ff:fec7:9572%dc0 prefixlen 64 scopeid 0x3
        inet 12.34.56.2 netmask 0xffffff00 broadcast 12.34.56.255
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=41<UP,RUNNING> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
vlan1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
berlin:etc {18} ifconfig fxp0 up
berlin:etc {19} ifconfig fxp1 up
berlin:etc {20} ifconfig -a
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX)
        status: active
        inet6 fe80::2d0:b7ff:fec3:c2f0%fxp0 prefixlen 64 scopeid 0x1
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (10baseT)
        status: active
        inet6 fe80::2d0:b7ff:fec5:7b71%fxp1 prefixlen 64 scopeid 0x2
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX)
        status: active
        inet6 fe80::200:94ff:fec7:9572%dc0 prefixlen 64 scopeid 0x3
        inet 12.34.56.2 netmask 0xffffff00 broadcast 12.34.56.255
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=41<UP,RUNNING> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
vlan1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
berlin:etc {21} ipfstat
 input packets:         blocked 0 passed 32380 nomatch 17572 counted 0 short 0
output packets:         blocked 0 passed 1347 nomatch 879 counted 0 short 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 0  lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  14482   (out):  468
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
        none
berlin:etc {22} brconfig -a
bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
                fxp1 flags=3<LEARNING,DISCOVER>
                        port 2 priority 128
                fxp0 flags=3<LEARNING,DISCOVER>
                        port 1 priority 128
        Addresses (max cache: 100, timeout: 240):
bridge1: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
        Addresses (max cache: 100, timeout: 240):
berlin:etc {23} sh /etc/netstart
configuring IP filter
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
add net default: gateway 12.34.56.7: File exists
writing to routing socket: File exists
configuring NAT
0 entries flushed from NAT table
0 entries flushed from NAT list
berlin:etc {24} brconfig -a
bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
                fxp1 flags=3<LEARNING,DISCOVER>
                        port 2 priority 128
                fxp0 flags=3<LEARNING,DISCOVER>
                        port 1 priority 128
        Addresses (max cache: 100, timeout: 240):
bridge1: flags=0<>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 15
        Interfaces:
        Addresses (max cache: 100, timeout: 240):

-----

After that I disabled IPFilter. The bridge still does not bridge. I'm at a loss here; I'd think it was hardware if the NICs didn't work when I take the bridge down & give 'em IPs, but they do work when I do that. It's just the bridging that doesn't work. The real kicker is that it _did_ work before I put in my filtering rules, but it didn't work when I took them out again. I feel like that should tell me something right there, but I'm coming up blank.

-Kit

At 4:23 PM -0500 5/11/01, Aaron Jackson wrote:
The documentation fails to mention (or at least it used to) that you need
to have a hostname.fxpX for each interface in your bridge that contains at
least the word:

up

or on the command line ifconfig fxp0 up.  Bridging does not turn the cards
on.

Aaron
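
The condition described in the quoted reply (a bridge that is UP while a member interface is not) can be checked from saved command output. This is an added example, not part of the original message or the how-to; the function name `bridge_members_down` and the sample text are constructed for illustration, in the format of the session above.

```shell
#!/bin/sh
# Added example: list members of an UP bridge whose own interface is not UP.
# Works on saved `brconfig -a` / `ifconfig -a` text; it changes nothing.

# Constructed sample in the format of the session above (fxp0 left down).
BRCONFIG_SAMPLE='bridge0: flags=41<UP,RUNNING>
        Interfaces:
                fxp1 flags=3<LEARNING,DISCOVER>
                        port 2 priority 128
                fxp0 flags=3<LEARNING,DISCOVER>
                        port 1 priority 128
        Addresses (max cache: 100, timeout: 240):
bridge1: flags=0<>
        Interfaces:
        Addresses (max cache: 100, timeout: 240):'

IFCONFIG_SAMPLE='fxp0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        status: active
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        status: active
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500'

# bridge_members_down BRCONFIG_TEXT IFCONFIG_TEXT
# Prints "<bridge> <member>" for each member of an UP bridge that lacks UP.
bridge_members_down() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { second = 1; next }
        # ifconfig part: remember interfaces whose flag list contains UP
        !second && /^[a-z0-9]+: flags=/ {
            name = $1; sub(/:$/, "", name)
            if ($2 ~ /[<,]UP[,>]/) up[name] = 1
            next
        }
        !second { next }
        # brconfig part: a header line starts a new bridge
        /^[a-z0-9]+: flags=/ {
            br = $1; sub(/:$/, "", br)
            br_up = ($2 ~ /[<,]UP[,>]/); in_if = 0; next
        }
        /^[ \t]+Interfaces:/ { in_if = 1; next }
        /^[ \t]+Addresses/   { in_if = 0; next }
        # member lines look like "fxp0 flags=3<LEARNING,DISCOVER>"
        in_if && $2 ~ /^flags=/ && br_up && !($1 in up) { print br, $1 }
    '
}

bridge_members_down "$BRCONFIG_SAMPLE" "$IFCONFIG_SAMPLE"
```

On a live system the two arguments would be `"$(brconfig -a)"` and `"$(ifconfig -a)"`.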