Subject: Re: Forwarding issue (solved)
To: None <netbsd-users@netbsd.org>
From: Peter Eisch <peter@boku.net>
List: netbsd-users
Date: 11/16/2007 20:04:19
On 11/15/07 5:28 PM, "Peter Eisch" <peter@boku.net> wrote:

> On 11/15/07 4:09 PM, "Pavel Cahyna" <pavel@netbsd.org> wrote:
> 
>> On Thu, Nov 15, 2007 at 12:55:20PM -0600, Peter Eisch wrote:
>>> 
>>> 3.1.x system, i386 if it matters, with six network interfaces (2 bge, 4 wm).
>>> There are 60 vlan interfaces (across 1 bge & 3 wm) which fold down to 15
>>> bridges with a tap for each bridge.  There's some ipnat, some ipfilter, some
>>> altq and otherwise a typical router.  Everything works great, has for weeks,
>>> except...
>>> 
>>> I have an address on bge0 (ipf passes all in & out) and the router can talk
>>> to everything on the LAN (let's call LAN-A) off bge0.  If I try to connect
>>> to a system on LAN-A from any system on the other interfaces, the packets
>>> never get forwarded out bge0.
>> 
>> Other interfaces? Are those all vlan interfaces or have you tried with
>> systems connected directly to the physical interfaces too?
>> 
> 
> They're other vlan & bridged interfaces.  Last night I deleted the address
> off bge0 and put the same address on a tap, created a vlan for that tag and
> then bridged them together through one of the "working" physical interfaces.
> Same result.  It could see everything originating or terminating on the
> router but wouldn't forward.
> 

Though it hadn't been used in months, there were entries in /etc/ipsec.conf
which matched the address space and thus dev null'd the packets.  Basically
it did exactly what I was [unfortunately] telling it to do.  My bad.

peter
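As an added example (not code from the original thread; the addresses, the rules and the helper name are constructed for illustration), the check a practitioner would want after reading the resolution above: a small POSIX shell/awk helper, `spd_match`, that takes setkey(8)-style `spdadd` lines of the kind that live in /etc/ipsec.conf and lists the policies whose source and destination prefixes cover a given forwarded src/dst pair. A forgotten `require` policy with no matching SA is exactly the sort of entry that silently discards forwarded traffic while the router's own locally originated traffic still works. On a live NetBSD box, `setkey -DP` dumps the SPD that is actually loaded and `setkey -FP` flushes it.

```shell
#!/bin/sh
# Added example, not from the original post. Finds setkey(8) SPD entries in
# ipsec.conf syntax whose src/dst prefixes cover a given address pair.
# All addresses and rules below are constructed (RFC 5737 / private ranges).

# Constructed /etc/ipsec.conf: the first two rules are a stale VPN policy
# covering a LAN; with no SA for the tunnel they drop forwarded packets.
SAMPLE_IPSEC_CONF='
# stale VPN to a peer that no longer exists (hypothetical addresses)
spdadd 10.10.0.0/16 192.168.50.0/24 any -P out ipsec esp/tunnel/203.0.113.1-203.0.113.9/require;
spdadd 192.168.50.0/24 10.10.0.0/16 any -P in  ipsec esp/tunnel/203.0.113.9-203.0.113.1/require;
# unrelated, harmless policy
spdadd 10.20.0.0/24 172.16.0.0/12 any -P out ipsec esp/transport//use;
'

# spd_match SRC DST: print every spdadd line whose src prefix covers SRC and
# whose dst prefix covers DST. Prefix matching is done in awk, which carries
# 32-bit values exactly in its doubles; a bare address is treated as /32.
# To use this on a real system, feed it /etc/ipsec.conf instead of the sample.
spd_match() {
    printf '%s\n' "$SAMPLE_IPSEC_CONF" | awk -v src="$1" -v dst="$2" '
    # dotted quad -> integer
    function ip2n(a,    o) {
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # does CIDR prefix cidr cover address ip?
    function covers(cidr, ip,    p, n, bits, shift) {
        n = split(cidr, p, "/")
        bits = (n == 2) ? p[2] + 0 : 32
        shift = 2 ^ (32 - bits)
        return int(ip2n(ip) / shift) == int(ip2n(p[1]) / shift)
    }
    # comment and blank lines never have "spdadd" as the first field
    $1 == "spdadd" && covers($2, src) && covers($3, dst) { print }'
}

# spd_match_count SRC DST: number of matching policies (0 means the SPD is
# not the reason the packet disappears)
spd_match_count() {
    spd_match "$1" "$2" | grep -c 'spdadd'
}

# Stand-alone demonstration: a host on 10.10/16 trying to reach LAN 192.168.50/24
spd_match 10.10.3.4 192.168.50.7
```

Run it on a box where forwarding "just disappears" between two subnets; any line it prints with `/require` at the end and no corresponding SA in `setkey -D` is the entry to delete or comment out, followed by `setkey -FP` and reloading the file.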