tech-net archive


Re: Bridged ethernet with ipnat redirect to local port - getting ICMP redirects instead



On Mon, Jul 07, 2014 at 09:05:34PM +0200, Thomas Bieg wrote:
> David Young wrote:
> >On Sun, Jul 06, 2014 at 09:01:38PM +1000, Darren Reed wrote:
> >>With respect to the ICMP redirect issue, I suspect that this is down
> >>to poor feature interaction in NetBSD and bridging. Somewhere the code
> >>is treating re0 and re1 as separate interfaces (and thus sending an
> >>ICMP redirect) when in fact they should be treated as one.
> >
> >I agree that IP should treat the two ethernets as one interface: re0 and
> >re1 ought to belong to the same ethernet forwarding domain, and that
> >forwarding domain should have an IPv4 interface stacked on it.
> 
> I'm a bit out of my depth here, but isn't that how FreeBSD handles this?
> From what I gathered, one would assign the IP address to the bridge
> interface there (e.g. bridge0) and not one of the member interfaces.
>
> (Which OTOH seems to be problematic if I need to add a bridge to a running
> system.)

Yep, it is problematic.

I'd rather see a strict separation of L2/L3 responsibilities and a clear
layering, such as what I outline at
<https://mail-index.netbsd.org/tech-net/2011/05/11/msg002614.html>,
than a proliferation of special cases and error conditions.

Dave

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981

