From owner-freebsd-questions Thu Jun 6 23:21:25 2002 Delivered-To: freebsd-questions@freebsd.org Received: from lexx.zssm.zp.ua (lexx.zssm.zp.ua [212.8.32.8]) by hub.freebsd.org (Postfix) with ESMTP id B6F4237B401; Thu, 6 Jun 2002 23:21:12 -0700 (PDT) Received: from server.hermes-comp.zp.ua (germes-comp.zssm.zp.ua [212.8.32.132] (may be forged)) by lexx.zssm.zp.ua (8.9.2/8.9.2) with ESMTP id JAA04035; Fri, 7 Jun 2002 09:19:38 +0300 (EET DST) Received: from localhost (localhost [127.0.0.1]) by server.hermes-comp.zp.ua (Postfix) with ESMTP id B932638302; Fri, 7 Jun 2002 09:16:03 +0300 (EEST) Date: Fri, 7 Jun 2002 09:16:03 +0300 (EEST) From: Alexander V Zubchenko To: Corey Snow Cc: , Subject: Re: Bridging Firewall In-Reply-To: <3CFFB86C.31738.5BECA9F@localhost> Message-ID: <20020607090727.L60781-100000@server.hermes-comp.zp.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Greetings! On Thu, 6 Jun 2002, Corey Snow wrote: > So I'm being a total masochist. I've never used FreeBSD before, and > got it installed on a truly ancient 486 DX2/66 with 32 MB RAM No You are not. My first FreeBSD box was 486DX2/80 with 8 MB RAM and it was really fast. I even worked with X wthout _very_ annoying delays ;-) > yesterday night. It seems to run well (a helluva lot faster than I > thought it would on such ancient hardware) and I'm pleased so far. > I'm reasonably certain it can handle what I want it to do, based on > the research I've done. I was surprised at how little horsepower it > takes to run a decent firewall. If You are not using X, RDBMS or other processor/memory consuming processes like this, real min to run at acceptable speed is 486DX40/8 > > Goal: To add a second NIC to this beast (it has one currently) and > turn it into a bridging firewall using ipfw and the bridging kernel > options. I've never built a custom kernel before, so I'm diving in, > waiting for the appropriate chapters to get spat out of the printer > before going any further. :) Yes, You need to recompile your kernel (this is well documented either in previous answer or in handbook. And b sured to rem/del out any junkj from there (there r a lot of junk in GENERIC kernel). > > Secondary Goal: To add support for my Panasonic CDROM drive, which is > accessed through an old Creative Labs SoundBlaster. I don't care > about sound support, and I haven't installed X (don't need it on a > firewall box) so the only reason the card is in the machine is that > it can't be driven by any other type of card (even though it has a 40- > pin interface like an IDE drive- that was quite annoying). Get a look at supported hardware list. It is in Handbook also. AFAIR, Panasonic CD-ROM is supported, but this also depend on fbsd version (of course ;)) > > I think I'm pretty comfortable with the process as described, and > worst-case is I have to blow my install away and start over (no big > deal at this stage). However, there's one question I'm not certain > about. > > If I want to add a second ISA Ethernet NIC (I have two GeniusLAN > 10BaseT NICS that work as NE2000 NICS) do I have to run the MAKEDEV > shell script before or after rebuilding the kernel, or does it > matter? I assume it's after, from what I've read. Anyway, the plan is > to back up my kernel, follow the directions on the web site and > configure an new one, rebuild, then use MAKEDEV to add the second > NIC. After that, assuming it all goes well, I guess I'll start > playing with bridging and the firewall rules on a dummy network I > have here. No, You shouldn't to play with MAKEDEV, because NIC devices is virtual. They r not present in /dev or any other place, excepting kernel mind ;) Just rebuild kernel, check info on bootstage and ifconfig appropriate device... > > Comments, suggestions, and/or belly laughs at my ignorance would be > appreciated. :) > > Thanks, > > Corey Snow > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > Always at your service, Alexander To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message