Date:      Thu, 08 Feb 2001 12:16:36 -0800
From:      "Raymundo M. Vega" <RaymundoVega@home.com>
To:        Julian Zottl <julianz@vsl.cua.edu>
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Bridging and routing problem...
Message-ID:  <3A82FEA4.3666D366@home.com>
References:  <200102081626.LAA77762@gateway.vsl.cua.edu>

The behavior of the switch should be the same if
you use the firewall as a bridge or a gateway.
When the switch is turned on, it uses the packets
in the net to "learn" the channel on which each
MAC address is and should come to a minimum as
time goes.

Rather than answer if bridging is better for your
network, I'd like to point out that you will have better
control in the firewall if you use it as a gateway.

This is in man bridge:

     Set to 1 to enable ipfw filtering on bridged packets.  Note that ipfw
     rules only apply to IP packets.  Non-IP packets are subject to the
     default ipfw rule (number 65535) which must be an allow rule if we want ARP
     and other non-IP packets to flow through the bridge.

If you use it as a gateway, you can filter TCP/UDP packets as well.

uerte

raymundo


Julian Zottl wrote:
> 
> Hello all, I have looked for a solution to this for a while, but haven't
> been able to find it (probably glaringly obvious).  I have the
> following setup:
> 
> Internet   137.242.188.2        137.242.189.1
> --------><--------------Firewall------------->LAN (137.242.189.0)
> I use bridging to link the two together and IPFW for a firewall.  My
> problem is that all traffic that comes from the internet is broadcast
> to my entire subnet!  Visually I see this on all my switches as the
> entire thing lights up.  I know that bridging is supposed to do
> broadcasting like this, but is there a better solution?  I had run
> routed at one point, but the majority of the experts I know say that I
> should have been doing bridging, so I switched.  Any help is much
> appreciated!  Please CC me any answers as I am not on the mailing list
> any more.
> Julian Zottl
> System Administrator, The Vitreous State Laboratory
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


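
The following is an added illustration, not part of the original e-mail and not ipfw or FreeBSD code: a simplified Python model of the behaviour in the man page excerpt quoted in the reply, where only IP frames are matched against the numbered rules and everything else gets the verdict of rule 65535. Rule numbers 100 and 200, the sample frames and all function names are constructed for the example.

```python
# Simplified model of the quoted man page text; not how ipfw is implemented.
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
DEFAULT_RULE = 65535  # rule number taken from the quoted man page excerpt


@dataclass(frozen=True)
class Frame:
    ethertype: int
    proto: Optional[str] = None     # "tcp" or "udp" for IP frames
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                     # "allow" or "deny"
    proto: str                      # "tcp", "udp", or "ip" for any IP frame
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, frame: Frame) -> bool:
        if self.proto != "ip" and self.proto != frame.proto:
            return False
        return self.dst_port is None or self.dst_port == frame.dst_port


def bridge_verdict(frame, rules, default_action):
    """Return (rule_number, action) for a frame crossing the filtering bridge."""
    if frame.ethertype != ETHERTYPE_IP:
        # Non-IP frames (ARP etc.) never see the numbered rules.
        return DEFAULT_RULE, default_action
    for rule in sorted(rules, key=lambda r: r.number):  # first match wins
        if rule.matches(frame):
            return rule.number, rule.action
    return DEFAULT_RULE, default_action


# Constructed ruleset: allow web traffic, then explicitly deny all other IP.
RULES = [Rule(100, "allow", "tcp", 80), Rule(200, "deny", "ip")]
SAMPLES = {"arp": Frame(ETHERTYPE_ARP),
           "http": Frame(ETHERTYPE_IP, "tcp", 80),
           "telnet": Frame(ETHERTYPE_IP, "tcp", 23)}


def run(default_action):
    """Verdicts for the sample frames under a given action for rule 65535."""
    return {name: bridge_verdict(f, RULES, default_action)
            for name, f in SAMPLES.items()}
```

With the default rule set to deny, ARP is dropped and hosts on either side of the bridge cannot resolve each other; with it set to allow, blocking unwanted IP traffic depends on an explicit deny rule such as the constructed rule 200.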