requesting help with "New" way to do Bridging in OpenBSD 4.7
Posted by mbw, 29th May 2010

Hi,

I'm upgrading a PF firewall to OpenBSD 4.7 and noticed the way that bridges are set up seems to have changed. I've still got the old firewall running, and am working on the new one in parallel so I can compare them.

In the old firewall (obsd 4.5) it looks like the bridge is configured at boot based on the /etc/bridgename.bridge0 file...


---begin detail for old obsd 4.5 firewall----


# cat /etc/bridgename.bridge0
add em3
add em0
blocknonip em3
blocknonip em0
up
#


# uname -a
OpenBSD blegga 4.5 GENERIC#1749 i386
# ifconfig bridge0
bridge0: flags=41<UP,RUNNING> mtu 1500
priority: 0
groups: bridge
#
---- end detail for old obsd 4.5 -----


When I copied this file over to OBSD 4.7, it didn't seem to get activated at boot. So I looked at the init scripts and renamed it to /etc/hostname.bridge0

Now it seems to be activated, but I see a lot more stuff when I look at the bridge with ifconfig.


---begin detail for new obsd 4.7 firewall----

# uname -a
OpenBSD yadda 4.7 GENERIC.MP#130 amd64
#
# cat /etc/hostname.bridge0
add em0
add em3
blocknonip em0
blocknonip em3
up

#
#
# ifconfig bridge0
bridge0: flags=41<UP,RUNNING>
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
designated: id 00:00:00:00:00:00 priority 0
em3 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
port 4 ifpriority 0 ifcost 0
em0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
port 1 ifpriority 0 ifcost 0
Addresses (max cache: 100, timeout: 240):
00:11:4f:cd:0b:9b em0 1 flags=0<>
00:01:ba:4b:30:bf em0 1 flags=0<>
00:13:72:64:0f:64 em0 1 flags=0<>
00:55:56:97:56:64 em0 1 flags=0<>
00:0f:1f:6d:10:a9 em0 1 flags=0<>
.... many more lines omitted....
#


---end detail for new obsd 4.7 firewall----


Note: the pf firewall is running with the same ruleset as the old firewall, but the new fw is bridging from the public net to a test switch with only 1 host behind it.


Do I need to change my bridge syntax? Are there new options that weren't there for bridges in 4.5 that are now in 4.7? I'm confused and want to understand this. Is there an upgrade guide for using Bridges in the new 4.7?

I guess my questions are:

1) Is setting up the bridge by using "/etc/hostname.bridge0" the new accepted way?
2) Does my bridge configuration syntax look ok?
3) Has anything changed so that bridge will behave differently in 4.7?
4) What are all the extra details in "ifconfig bridge0"?


I've always been able to copy over the bridge file as is for years; this is the first time it didn't work. Any help/info appreciated!

Thanks,
Matt