From: Christopher Hilton
Date: Tue, 27 May 2014 21:30:42 -0400
Subject: Re: transparent bridge ~ firewall
To: Jim Pazarena
Cc: freebsd-questions@freebsd.org

On May 20, 2014, at 12:41 AM, Jim Pazarena wrote:

> Is it possible to configure fbsd so that it passes traffic thru two
> nics "transparently", (with a third nic installed as the management IP)?
>
> So that firewall rules can be applied between those two transparent
> nics? Don't want NAT, don't want routing. Just firewall "allow", "drop",
> or re-direct.
>
> I purchased a device which uses debian to do this. I would like to
> see if I can duplicate the functions on FreeBSD, my OS of choice.

FreeBSD may be able to do this by building a bridge device between two interfaces and then using pf on the individual interfaces. I'm not 100% on the capabilities of FreeBSD's bridge devices. I do this on OpenBSD and it works very well.

-- Chris
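
The setup suggested in this reply, written out for FreeBSD as an added example that is not part of the original message: an if_bridge(4) bridge over two NICs, pf filtering on one bridge member, and a third NIC for management. The interface names (em0, em1, em2), the addresses and the allowed ports are assumptions chosen for illustration.

```conf
# --- /etc/rc.conf ---------------------------------------------------
# Assumed NIC names: em0 = outside segment, em1 = inside segment,
# em2 = management port. The bridge and its members carry no IP address.
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_em2="inet 192.0.2.10/24"      # constructed management address
pf_enable="YES"
pf_rules="/etc/pf.conf"

# --- /etc/sysctl.conf -----------------------------------------------
# if_bridge(4) packet-filter hooks, set explicitly instead of relying
# on release defaults: run pf on the member interfaces, not on bridge0
# itself, and forward only IP traffic (ARP is still passed).
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_onlyip=1

# --- /etc/pf.conf ---------------------------------------------------
ext_if  = "em0"
int_if  = "em1"
mgmt_if = "em2"
inside  = "198.51.100.0/24"            # constructed protected network

# A bridged packet crosses two members; filter it once, on the outside
# port, so a single state entry covers both directions of a connection.
set skip on { lo0, $int_if }

block log on $ext_if all
# Hosts behind the bridge may open connections outward.
pass out on $ext_if from $inside to any keep state
# Only selected services are reachable from the outside segment.
pass in  on $ext_if proto tcp to $inside port { 22, 443 } keep state

# The firewall itself is reachable only through the management port.
block in  on $mgmt_if all
pass  in  on $mgmt_if proto tcp to ($mgmt_if) port 22 keep state
pass  out on $mgmt_if all keep state
```

Because neither bridge member has an address, hosts on either side see no extra hop and no NAT; `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.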