Just revived an aging laptop (details at end) for occasional use as a
logging/filtering bridge. Went through the brconfig man page once I had
two NICs in the box. man brconfig has in its Examples section (in both
3.7 and Current) the encouraging text
Create a bridge pseudo network device:
# ifconfig bridge0 create
Add the Ethernet interfaces rl0 and xl0 to the bridge bridge0,
and have the bridge start forwarding packets:
# brconfig bridge0 add rl0 add xl0 up
It may be obvious to all but the Noob, but this is not quite enough to
'have the bridge start forwarding packets' in a meaningful,
least-surprise sense. Although the two NICs - in my case, xl0 and ep1 -
are usefully set into Promiscuous and Broadcast mode, they aren't
actually brought UP. In order for packets to actually flow, you need to
further incant
ifconfig rl0 up
ifconfig xl0 up
(sticking to the manpage example's NIC names).
With those incantations, btw, the bridge works just fine, allowing
tcpdump to log packets like a good 'un. And packet-passing can be turned
off and on again with great speedy speed and great easeful ease with the
commands 'brconfig bridge0 down' and 'brconfig bridge0 up'; s/br/if/
also works fine.
I leave it to the Relevant Authorities whether to classify this in one
of the three categories suggested in the Subject: line, or dispose of it
some other way. Those three possibilities, in order of increasing work, are
a) dismiss this as a newbie whinge - of *course* each network
interface needs an 'ifconfig up'. D'oh!
b) tweak the documentation to add the one-liner
# ifconfig rl0 up; ifconfig xl0 up
to the relevant Example;
c) tweak the brconfig code so that 'up' not only brings up the bridge
itself, but brings the NICs up too. (Probably a less than brilliant
suggestion, as it entangles things which should not be entangulated:
by symmetry, a 'brconfig bridge0 down' would rationally have to
down the two ends of the bridge, which would be Unexpected and
Inconvenient.
Stefek
Config dets: OBSD 3.7 generic, running on HP Omnibook 5500, 48MB RAM, in
its docking station; one NIC in the docking station's PCI slot, a 3Com
3C905; the other in one of the PCMCIA slots, a 3Com 3C589. dmesg
available on request (already posted to dmesg@ a few days back, tho'
with a slightly different h/w setup).
