
Re: L2 broadcast and NAT state



On Thursday, Apr 3, 2003, at 05:00 US/Pacific, Daniel Hartmeier wrote:

On Fri, Mar 28, 2003 at 12:36:20PM -0800, Trevor Talbot wrote:

I agree, especially since it works fine on a local interface.  Not
forwarding it on an IP level is inconsistent.

Ok, I asked, and the consensus seems to be that those broadcasts should not get forwarded, as there could be several IP forwarders on the network, and they'd all forward the same broadcast if that were the default.

Ah, ok.


You can slightly change your kernel to not assign the M_BCAST flag on
ethernet level for the ethernet broadcast mac address, to work around
your specific setup, if you like. If you need help for that patch, let
me know.

Now that you've told me where to look, I can probably manage this, thanks.

I did play with fastroute and reply-to; fastroute didn't make any
difference, and reply-to dropped the packet on the right interface,
but going inbound?!  It got nailed by my source address check as a
result.

And just as something to toss out there to think about: even for
IP-level broadcast packets, if pf is translating the destination
address, is it still a broadcast?