Note to moderators: I am creating a new topic instead of adding to the previous one because I am trying a different approach. I am trying to use ipfw now instead of ipfilter. I cannot edit the original thread because of the time limit placed on editing. I feel it would be counterproductive and confusing to post all the new info under my original post, which contains outdated info. Thanks for understanding.

------------

Overview
Section 1 - What I'm attempting and the problem
Section 2 - Network Setup
Section 3 - Data Gathering
Section 4 - Specific Questions
Section 5 - Resources Checked
Section 6 - Files Edited

---------------
Overview: |
---------------

OK. Back to the topic at hand! I have been logging everything I do while attempting to set up this transparent FreeBSD bridge. I have also been creating a tutorial as I go along that I plan on posting if I can accomplish this task and finish this project.

I included the resources used, suggestions tried, and everything I have done step by step. This is becoming quite a challenge, and I am determined to get it working. Maybe I can suck a few of you into my determination. Geeks unite! hahaha

Anyway, here it is. All experiences, ideas, and suggestions welcome!

----------------------------------------------------------------
Section 1 - What I'm attempting and the problem |
----------------------------------------------------------------

I want to turn a FreeBSD 4.9 Stable computer into a transparent bridge AND firewall using two NIC cards. Neither card is assigned an IP address. I want this to be an invisible bridge on the network that cannot be seen from the outside OR the inside. I am not setting this up to use NAT or be a gateway. I want this to be a transparent bridge going from dc0 (NIC card 1) directly to and through sis0 (NIC card 2) with IPFW filtering in between.

It is not working.

----------------------------------
Section 2 - Network Setup |
----------------------------------

Wire goes from Gateway Router with DHCP Server
to NIC Card 1 (dc0) in FreeBSD Bridge / Firewall Machine.
Data should pass to NIC Card 2 (sis0) in FreeBSD Bridge / Firewall machine, which is plugged into a Switch Uplink Port (using a crossover cable).
Computers I want behind the bridge are plugged into the switch.

All cards and switch ports are lit.

-----------------------------------
Section 3 - Data Gathering |
-----------------------------------

tcpdump -i dc0 reports random requests from the DHCP server / router / internet.
tcpdump -i sis0 reports computers on the switch broadcasting, asking for an IP from the DHCP server.

The tcpdumps do not seem to show any similar traffic from one NIC to the other. Just incoming traffic from what it is plugged into.

Internet is definitely up and running. I tested it by taking the wire that was plugged into dc0 (wire from the DHCP server / router / gateway) and plugging it directly into the computer that was previously plugged into the switch (the one I'm trying to get connected through the FreeBSD box). The computer grabs an IP address no problem and has internet access.

To me the problem seems to be that the bridge is not working correctly. Both cards seem to be receiving traffic from their end, but not passing it on to the other NIC. Maybe they can't communicate with each other? Both are up and running in promiscuous mode.

Added log_in_vain="YES" to rc.conf. Should log everything going through ipfw.
Used tail -f /var/log/messages
All I saw were tty logins (from me switching terminals) and some DNS attempts to 127.0.0.1 (myself) from 127.0.0.1 (myself). I thought that may be a little strange. Does anyone know if lo0 (the loopback interface) needs to be set to anything?

--------------------------------------
Section 4 - Specific Questions |
--------------------------------------

1) Could FreeBSD 4.9 Stable require a patch to act as a bridge? Previous versions did. But from what I understand 4.9 Stable doesn't.

2) Are there any files I missed that may need to be edited in order to enable the bridge?

3) The man page for bridge says: "Bridging requires interfaces to be put in promiscuous mode, and transmit packets with ethernet source addresses." I know my cards are in promiscuous mode, but is there any way to check if they can transmit packets with ethernet source addresses?

4) The man page for bridge also says: "bridging is not compatible with interfaces which use hardware loopback". How can I tell if my interfaces are using hardware loopback? Does this have to do with the lo0 interface that is currently set to 127.0.0.1?

4a.) Does anyone know if lo0 (the loopback interface) needs to be set to anything specific?

5) Since in rc.conf I have firewall_type="open", it should not matter if the firewall is running or not, right? It could make sense that the firewall is blocking dc0 and sis0 from each other, but it shouldn't be. Any way I can see if dc0 and sis0 can at least pass data to each other? Any kind of command? Keep in mind neither interface has an IP address.

6) How can I check that my firewall is truly running?

6a.) Any way to check if my bridge is actually running?

7) For logging info I looked at: /var/log/messages. Are there any other logs worth taking a look at?

8) In the files I include below, does anyone see anything that may cause a problem, or cancel each other out? For example, could my rc.conf settings be overriding the Kernel settings or something like that?

-----------------------------------------
Section 5 - Resources Checked: |
-----------------------------------------

Exactly what I am attempting:

http://www.freebsd.org/doc/en_US.ISO.../bridging.html - Followed this tutorial to the T. Not sure why it still doesn't work. Anyone notice something I may have missed?
http://www.freebsd.org/doc/en/articl...idges-how.html - Very similar to the above tutorial. More technical detail supplied. Again, didn't see anything I missed.
http://www.freebsd.org/cgi/man.cgi?q...idge&sektion=4 - Man page for Bridge

Somewhat helpful resources:

http://ezine.daemonnews.org/200211/ipfilter-bridge.html - Enables the bridge in Kernel same way, but uses IPFilter instead of ipfw

Other resources but unfortunately no info:

http://www.openbsd.org/faq/faq6.html#Bridge - OpenBSD Instructions, completely different setup and files than FreeBSD

------------------------------
Section 6 - Files Edited |
------------------------------
-------------------
Edits To Kernel:
-------------------

# To enable kernel bridge / firewall support
# /usr/src/sys/i386/conf/GENERIC

# Enable kernel support for bridging
options BRIDGE
# Use the bridge as a firewall
options IPFIREWALL
# Enable logging functions of the firewall
options IPFIREWALL_VERBOSE
# Allow non-IP packets (such as ARP) to flow through the bridge
options IPFIREWALL_DEFAULT_TO_ACCEPT

-------------------------
Edits To sysctl.conf |
-------------------------

# Enabling the Bridge
# /etc/sysctl.conf

# Enable the bridge at runtime
net.link.ether.bridge=1
# Enable bridging on the specified interfaces
net.link.ether.bridge_cfg=dc0:0,sis0:0
# Enable bridged packets to be filtered by ipfw
net.link.ether.bridge_ipfw=1

---------------------
Edits to rc.conf |
---------------------

# Set network cards for bridging
# /etc/rc.conf

# Set both interfaces to promisc mode and put up
# No ip addresses are assigned
ifconfig_dc0="PROMISC UP"
ifconfig_sis0="PROMISC UP"

# Enable Firewall
firewall_enable="YES"
# Set firewall to open
firewall_type="open"
# Do not show rules loading
firewall_quiet="YES"
# Enable firewall logging
firewall_logging="YES"

# Should log everything going through ipfw
log_in_vain="YES"
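Added example, not part of the original post: a small sh script that checks the three layers of the setup above (the bridge sysctls, the UP/PROMISC flags on each NIC, and whether ipfw actually has rules loaded), which is what questions 5, 6 and 6a ask for. The checks read command output on stdin so they can run offline against the constructed samples below; on the bridge host you would pipe the live `sysctl`, `ifconfig` and `ipfw show` output into them instead.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks for the three
# layers of the bridge setup above (sysctl, interface flags, ipfw rules).
# Each check reads command output on stdin, so on the bridge host you run:
#   sysctl net.link.ether | check_bridge_sysctl dc0 sis0
#   ifconfig dc0          | check_promisc_up
#   ipfw show             | check_ipfw_loaded

# Bridging on, the ipfw hook on, and every named interface listed in bridge_cfg.
check_bridge_sysctl() {
    out=$(cat)
    echo "$out" | grep -q '^net\.link\.ether\.bridge: 1$' || return 1
    echo "$out" | grep -q '^net\.link\.ether\.bridge_ipfw: 1$' || return 1
    cfg=$(echo "$out" | sed -n 's/^net\.link\.ether\.bridge_cfg: //p')
    for ifn in "$@"; do
        echo "$cfg" | tr ',' '\n' | grep -q "^$ifn:" || return 1
    done
}

# The first interface's flag list must contain both UP and PROMISC.
check_promisc_up() {
    flags=$(sed -n 's/.*flags=[0-9a-fx]*<\([^>]*\)>.*/\1/p' | head -n 1)
    echo ",$flags," | grep -q ',UP,' || return 1
    echo ",$flags," | grep -q ',PROMISC,' || return 1
}

# ipfw must list at least one rule besides the default rule 65535;
# an empty listing means the IPFIREWALL kernel option is not active.
check_ipfw_loaded() {
    n=$(awk '$1 != "65535" && NF > 0 { c++ } END { print c + 0 }')
    [ "$n" -gt 0 ]
}

# Constructed sample output, as it should look on a working bridge host.
SAMPLE_SYSCTL='net.link.ether.bridge: 1
net.link.ether.bridge_cfg: dc0:0,sis0:0
net.link.ether.bridge_ipfw: 1'
SAMPLE_IFCONFIG='dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:00:00:00:01'
SAMPLE_IPFW='00100 0 0 allow ip from any to any via lo0
65000 0 0 allow ip from any to any
65535 0 0 allow ip from any to any'

# Run each check against its sample and report; swap in the live commands on the host.
report() { if printf '%s\n' "$2" | "$1" $3; then echo "PASS $1"; else echo "FAIL $1"; fi; }
report check_bridge_sysctl "$SAMPLE_SYSCTL" "dc0 sis0"
report check_promisc_up "$SAMPLE_IFCONFIG"
report check_ipfw_loaded "$SAMPLE_IPFW"
```

A FAIL from the first check points at sysctl.conf not having been applied (or the BRIDGE option missing from the kernel), the second at the ifconfig_ lines in rc.conf, and the third at the IPFIREWALL option or firewall_enable.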