On Fri, Apr 6, 2018 at 4:40 PM, Aham Brahmasmi <[email protected]> wrote: > Hello misc, > > Problem > A physical server with a switch (add em0 up) cannot access the internet. > However, the same host with a bridge (add em0 up) can access the > internet. > > Steps > $ ifconfig > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > lladdr 22:22:22:22:22:22 > index 1 priority 0 llprio 3 > groups: egress > media: Ethernet autoselect (1000baseT full-duplex,master) > status: active > inet 20.20.20.20 netmask 0xffffff00 broadcast 20.20.20.255 > ... > $ doas route -n show > Routing tables > > Internet: > Destination Gateway Flags Refs Use Mtu Prio Iface > default 20.20.20.1 UGS 0 1XXX - 8 em0 > 224/4 127.0.0.1 URS 0 0 32768 8 lo0 > 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 > 127.0.0.1 127.0.0.1 UHhl 1 X 32768 1 lo0 > 20.20.20/24 20.20.20.20 UCn 1 9XX - 4 em0 > 20.20.20.1 33:33:33:33:33:33 UHLch 1 1XXX - 3 em0 > 20.20.20.20 44:44:44:44:44:44 UHLl 0 X - 1 em0 > 20.20.20.255 20.20.20.20 UHb 0 0 - 1 em0 > $ ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8): 56 data bytes > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=61 time=x.xxx ms > ... > $ doas ifconfig switch0 create > $ doas ifconfig switch0 add em0 > $ doas ifconfig switch0 up > $ ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8): 56 data bytes > ^C > --- 8.8.8.8 ping statistics --- > 31 packets transmitted, 0 packets received, 100.0% packet loss
Hi, Seems you haven't started switchd(8), or connected your switch to it -- it shouldn't forward traffic until you do so. > $ ifconfig > em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu > 1500 > lladdr 22:22:22:22:22:22 > index 1 priority 0 llprio 3 > groups: egress > media: Ethernet autoselect (1000baseT full-duplex,master) > status: active > inet 20.20.20.20 netmask 0xffffff00 broadcast 20.20.20.255 > switch0: flags=41<UP,RUNNING> > index 6 llprio 3 > groups: switch > datapath xxxxxxxxxxxxxxxxxx maxflow 10000 maxgroup 1000 > em0 flags=0<> > port 1 ifpriority 0 ifcost 0 > ... > $ doas route -n show > Routing tables > > Internet: > Destination Gateway Flags Refs Use Mtu Prio Iface > default 20.20.20.1 UGS 0 1XXX - 8 em0 > 224/4 127.0.0.1 URS 0 0 32768 8 lo0 > 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 > 127.0.0.1 127.0.0.1 UHhl 1 X 32768 1 lo0 > 20.20.20/24 20.20.20.20 UCn 1 9XX - 4 em0 > 20.20.20.1 33:33:33:33:33:33 UHLch 1 1XXX - 3 em0 > 20.20.20.20 44:44:44:44:44:44 UHLl 0 X - 1 em0 > 20.20.20.255 20.20.20.20 UHb 0 0 - 1 em0 > $ doas ifconfig switch0 destroy > $ ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8): 56 data bytes > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=61 time=x.xxx ms > > Repeating the above steps with bridge0 does let the ping pass through > after the bridge is brought up. The only delta between the switch and > bridge output is in the ifconfig. > $ ifconfig > bridge0: flags=41<UP,RUNNING> > index 8 llprio 3 > groups: bridge > priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rtsp > em0 flags=3<LEARNING,DISCOVER> > port 1 ifpriority 0 ifcost 0 > ... > > I have run "doas route -n monitor" in a separate session while doing > this. However, I cannot comprehend the output. pf is not involved - > running tcpdump -nettti pflog0 with the catchall "block log" produces > the normal output of blocked packets with the bridge. However, it stops > producing the normal output of blocked packets with the switch. Once the > switch is destroyed, it is back to normal blocked packets output. > > What am I doing wrong/missing? The only thing that stands out to me is > the em0 flags=0<> line in the ifconfig for the switch. And I do not know > what to make of it. > > Regards, > ab > ---------|---------|---------|---------|---------|---------|---------|-- >
