Date:      Mon, 5 Feb 2001 09:51:15 -0800 (PST)
From:      Rich Wales <richw@webcom.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: netgraph router? (was Re: BRIDGE breaks ARP?)
Message-ID:  <20010205172708.36311.richw@wyattearp.stanford.edu>
In-Reply-To: <3A7E458E.70FB2BF6@elischer.org>

Julian Elischer wrote:

    > > > try using netgraph bridging instead.

and I replied:

    > > Can't do this until the netgraph code supports ipfirewall
    > > or ipfilter.

to which Julian replied:

    > why can't you use routing?  (ipfw only REALLY works with IP
    > packets anyhow..)  OR you can do what some people do which
    > is make a netgraph 'router' where appletalk and other NON-IP
    > packets are bridged and IP packets are routed.

Could you explain this in more detail -- possibly directing me to
an example?

My requirements are:

==> I need to protect my main desktop machine behind a firewall
    (which is why I'm running IPFIREWALL on my bridge).

==> My main desktop machine needs to have its own, "public" IP
    address (my work requires me to use some Kerberized security
    services that won't survive NAT-munging through a router).

==> I have DSL with multiple static IP addresses at home (work
    perk), but my static block of addresses isn't big enough
    for me to be able to split it further into mini-subnets for
    routing purposes, which is why I want to run a bridge rather
    than a conventional router.

==> I don't need my firewall to pass any kind of non-IP packets,
    other than ARP.

Rich Wales         richw@webcom.com         http://www.webcom.com/richw/


