Topic: bridge mode unreliable?  (Read 2106 times)
« on: August 27, 2010, 12:33:06 »
martin42 *
Posts: 21

Is anyone else seeing odd behaviour with bridged interfaces - intermittently working?

I have a no-NAT /29 DMZ subnet, which is bridged across two interfaces (just to save having a switch for only two hosts in the DMZ).  As I understand it, you should be able to set up all the firewall rules for the first interface in the bridge, then just bridge the second interface to the first with no more firewall rules.

Usually, it all works, but sometimes the device on the second interface isn't able to send traffic, as (for example) outbound DNS requests get blocked (as shown in Syslog).  So sometimes I end up rebooting the firewall, then it seems to work OK after that.

Right now, it's mostly working, but the device on the second interface is unable to ask the first device for NTP, even though there's an 'any any udp 123' rule in place.  The syslog shows the NTP traffic being dropped as it tries to go across the bridge.

At this point I'm thinking of splitting the /29 into two /30s to avoid the problem - which would also let me improve the firewall rules.  But this involves renumbering two hosts.

Any ideas?
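Two things in the post can be checked mechanically: whether a logged drop contradicts the rule set (an 'any any udp 123' rule in place, yet NTP across the bridge is dropped), and what the proposed /29 to two /30s renumbering actually leaves for hosts. The script below is an added example, not code from the poster or from any firewall product. It assumes a constructed, generic syslog 'block' line format, a constructed first-match policy, and the documentation range 192.0.2.0/29 in place of the real DMZ subnet; the rule evaluator is a simplified model, not a real firewall's matching engine.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed DMZ range (documentation prefix) standing in for the poster's no-NAT /29.
DMZ = ipaddress.ip_network("192.0.2.0/29")


@dataclass(frozen=True)
class Rule:
    """One first-match firewall rule; dport=None means any destination port."""
    action: str   # "pass" or "block"
    proto: str    # "udp", "tcp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        return (
            self.proto in ("any", proto)
            and ipaddress.ip_address(src) in self.src
            and ipaddress.ip_address(dst) in self.dst
            and self.dport in (None, dport)
        )


# Constructed policy for the bridged DMZ: the 'any any udp 123' rule from the post,
# outbound DNS from the DMZ, and an explicit default block.
RULES: List[Rule] = [
    Rule("pass", "udp", ANY, ANY, 123),
    Rule("pass", "udp", DMZ, ANY, 53),
    Rule("block", "any", ANY, ANY),
]

# Constructed syslog lines in a made-up, generic 'block' format (not any real firewall's format).
LOG_LINES = [
    "Aug 27 12:31:02 fw filter: block in on dmz1: 192.0.2.3 -> 192.0.2.2 udp sport 123 dport 123",
    "Aug 27 12:31:09 fw filter: block in on dmz1: 192.0.2.3 -> 198.51.100.53 udp sport 40211 dport 53",
    "Aug 27 12:31:15 fw filter: block in on dmz1: 192.0.2.3 -> 198.51.100.9 tcp sport 51022 dport 445",
]

LOG_RE = re.compile(
    r"block in on (?P<iface>\S+): (?P<src>[\d.]+) -> (?P<dst>[\d.]+) "
    r"(?P<proto>\w+) sport \d+ dport (?P<dport>\d+)"
)


def first_match(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> Optional[Rule]:
    """Return the first rule that matches the flow, or None if no rule does."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule
    return None


def unexpected_drops(lines: List[str], rules: List[Rule]) -> List[str]:
    """Return the drop lines whose flow the rule set says should have passed."""
    contradictions = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        rule = first_match(rules, m["proto"], m["src"], m["dst"], int(m["dport"]))
        if rule is not None and rule.action == "pass":
            contradictions.append(line)
    return contradictions


def split_subnet(net: ipaddress.IPv4Network, new_prefix: int):
    """List each subnet of a split with its usable host count (network and broadcast excluded)."""
    return [(str(sub), sub.num_addresses - 2) for sub in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for line in unexpected_drops(LOG_LINES, RULES):
        print("drop contradicts policy:", line)
    # Each /30 leaves two usable addresses, and the firewall's own address takes one of them.
    for sub, usable in split_subnet(DMZ, 30):
        print(sub, "usable hosts:", usable)
```

Run against the constructed lines, the NTP and DNS drops are reported as contradicting the policy while the TCP 445 drop is not, which is the kind of evidence worth collecting before blaming the bridge. The split shows each /30 has exactly two usable addresses, so with the firewall holding one per subnet there is room for one host each, which matches the two DMZ hosts but leaves no spare address.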