Date: Fri, 24 Mar 2006 13:53:02 -0500
From: Ian Lord
To: Imran Imtiaz, freebsd-questions@freebsd.org
Subject: Re: pix 501 and freebsd

At 13:37 2006-03-24, Imran Imtiaz wrote:
>how can I use pix firewall to make a transparent to on my freebsd server.
>sorry if I am on the wrong place.

Not sure if this is what you need, but I guess you are talking about a "layer 2" bridged firewall.

Pix OS supports this only from version 7, and pix 501 and pix 506 cannot upgrade yet to this version (not sure if they will ever be able to).

A transparent firewall like this just sits beside your switch and your computer and the only layer 2 traffic that can pass through is arp. All other frames will get de-encapsulated and a layer 3 (and up) access-list will be applied. This is what is called a transparent firewall as it is transparent on your network :)

With a pix 501, you will need to use nat or pat or simulate a "router" with the "nat 0" command...

Hope this helps