From: "Corey Snow"
To: freebsd-newbies@freebsd.org, freebsd-questions@freebsd.org
Date: Thu, 6 Jun 2002 19:30:52 -0700
Subject: Bridging Firewall

So I'm being a total masochist. I've never used FreeBSD before, and got it installed on a truly ancient 486 DX2/66 with 32 MB RAM yesterday night. It seems to run well (a helluva lot faster than I thought it would on such ancient hardware) and I'm pleased so far. I'm reasonably certain it can handle what I want it to do, based on the research I've done. I was surprised at how little horsepower it takes to run a decent firewall.

Goal: To add a second NIC to this beast (it has one currently) and turn it into a bridging firewall using ipfw and the bridging kernel options. I've never built a custom kernel before, so I'm diving in, waiting for the appropriate chapters to get spat out of the printer before going any further. :)

Secondary Goal: To add support for my Panasonic CDROM drive, which is accessed through an old Creative Labs SoundBlaster.
I don't care about sound support, and I haven't installed X (don't need it on a firewall box), so the only reason the card is in the machine is that it can't be driven by any other type of card (even though it has a 40-pin interface like an IDE drive - that was quite annoying).

I think I'm pretty comfortable with the process as described, and worst-case is I have to blow my install away and start over (no big deal at this stage). However, there's one question I'm not certain about. If I want to add a second ISA Ethernet NIC (I have two GeniusLAN 10BaseT NICs that work as NE2000 NICs), do I have to run the MAKEDEV shell script before or after rebuilding the kernel, or does it matter? I assume it's after, from what I've read.

Anyway, the plan is to back up my kernel, follow the directions on the web site and configure a new one, rebuild, then use MAKEDEV to add the second NIC. After that, assuming it all goes well, I guess I'll start playing with bridging and the firewall rules on a dummy network I have here.

Comments, suggestions, and/or belly laughs at my ignorance would be appreciated. :)

Thanks,

Corey Snow