DaemonForums  

requesting help with "New" way to do Bridging in OpenBSD 4.7

#1 mbw, 29th May 2010

Hi,

I'm upgrading a PF firewall to OpenBSD 4.7 and noticed the way that bridges are set up seems to have changed. I've still got the old firewall running, and am working on the new one in parallel so I can compare them.

In the old firewall (obsd 4.5) it looks like the bridge is configured at boot based on the /etc/bridgename.bridge0 file...


---begin detail for old obsd 4.5 firewall----


# cat /etc/bridgename.bridge0
add em3
add em0
blocknonip em3
blocknonip em0
up
#


# uname -a
OpenBSD blegga 4.5 GENERIC#1749 i386
# ifconfig bridge0
bridge0: flags=41<UP,RUNNING> mtu 1500
priority: 0
groups: bridge
#
---- end detail for old obsd 4.5 -----


When I copied this file over to OBSD 4.7, it didn't seem to get activated at boot. So I looked at the init scripts and renamed it to /etc/hostname.bridge0.

Now it seems to be activated, but I see a lot more stuff when I look at the bridge with ifconfig.


---begin detail for new obsd 4.7 firewall----

# uname -a
OpenBSD yadda 4.7 GENERIC.MP#130 amd64
#
# cat /etc/hostname.bridge0
add em0
add em3
blocknonip em0
blocknonip em3
up

#
#
# ifconfig bridge0
bridge0: flags=41<UP,RUNNING>
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
designated: id 00:00:00:00:00:00 priority 0
em3 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
port 4 ifpriority 0 ifcost 0
em0 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
port 1 ifpriority 0 ifcost 0
Addresses (max cache: 100, timeout: 240):
00:11:4f:cd:0b:9b em0 1 flags=0<>
00:01:ba:4b:30:bf em0 1 flags=0<>
00:13:72:64:0f:64 em0 1 flags=0<>
00:55:56:97:56:64 em0 1 flags=0<>
00:0f:1f:6d:10:a9 em0 1 flags=0<>
.... many more lines omitted....
#


---end detail for new obsd 4.7 firewall----


Note: the pf firewall is running with the same ruleset as the old firewall, but the new fw is bridging from the public net to a test switch with only 1 host behind it.


Do I need to change my bridge syntax? Are there new options that weren't there for bridges in 4.5 that are now in 4.7? I'm confused and want to understand this. Is there an upgrade guide for using Bridges in the new 4.7?

I guess my questions are:

1) is setting up the bridge by using "/etc/hostname.bridge0" the new accepted way?
2) does my bridge configuration syntax look ok?
3) Has anything changed so that bridge will behave differently in 4.7?
4) what are all the extra details in "ifconfig bridge0" ?


I've always been able to copy over the bridge file as is for years; this is the first time it didn't work. Any help/info appreciated!

Thanks,
Matt

#2 ocicat, 30th May 2010

Quote:
Originally Posted by mbw
I'm upgrading a PF firewall to OpenBSD 4.7 and noticed the way that bridges are set up seems to have changed.

Correct. This was announced November 2009. In the following archive entry for the "Following -current" document, search for "bridge" to find where it was mentioned:

http://www.openbsd.org/cgi-bin/cvswe...-cvsweb-markup

Quote:
Do I need to change my bridge syntax?

It would be worth your while to study the ifconfig(8) manpage as all bridging functionality was moved under ifconfig(8)'s control.

Quote:
is setting up the bridge by using "/etc/hostname.bridge0" the new accepted way?

Yes.

Quote:
I've always been able to copy over the bridge file as is for years; this is the first time it didn't work.

This change is mentioned in the 4.7 "Upgrade Guide":

http://www.openbsd.org/faq/upgrade47.html#bridge

It is worth your time to study this document for each new version, especially when old configuration files are being dragged forward.
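
A post-upgrade check based on this thread, added here as an example and not code from either poster or from OpenBSD: it lists bridgename.* files that have no hostname.* counterpart (which the thread reports are no longer activated at boot on 4.7) and bridge members that a file adds without a blocknonip directive. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: post-upgrade audit of bridge configuration files.
# Function names and sample files are constructed for illustration.

# Print each bridgename.<if> in DIR (default /etc) that has no
# hostname.<if> counterpart; per the thread, 4.7 no longer activates these.
stale_bridgenames() {
    dir=${1:-/etc}
    for f in "$dir"/bridgename.*; do
        [ -f "$f" ] || continue
        ifname=${f##*/bridgename.}
        [ -f "$dir/hostname.$ifname" ] || echo "$ifname"
    done
}

# Print every member that FILE adds to the bridge without a matching
# blocknonip directive. Tolerates several directives on one line.
unfiltered_members() {
    awk '
        /^[ \t]*#/ { next }
        {
            for (i = 1; i < NF; i++) {
                m = $(i + 1)
                if ($i == "add" && !(m in added)) { added[m] = 1; order[++n] = m }
                if ($i == "blocknonip") blocked[m] = 1
            }
        }
        END { for (i = 1; i <= n; i++) if (!(order[i] in blocked)) print order[i] }
    ' "$1"
}

# Constructed sample: the poster's 4.5 file copied over without renaming,
# plus a hostname.bridge1 that adds em2 but never filters it.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'add em3\nadd em0\nblocknonip em3\nblocknonip em0\nup\n' \
        > "$d/bridgename.bridge0"
    printf 'add em1\nadd em2\nblocknonip em1\nup\n' > "$d/hostname.bridge1"
    echo "$d"
}

sample=$(make_sample)
echo "not activated at boot: $(stale_bridgenames "$sample")"
echo "members without blocknonip: $(unfiltered_members "$sample/hostname.bridge1")"
rm -rf "$sample"
```

On a live system, call `stale_bridgenames /etc` and `unfiltered_members /etc/hostname.bridge0` directly instead of the constructed sample.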