Date:      Fri, 15 May 1998 15:28:10 -0500
From:      MIKE JENKINS <jenkins.mike@epamail.epa.gov>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Stealth Firewall
Message-ID:  <s55c5fc1.050@wpmail.gbr.epa.gov>

Is it possible to slip a FreeBSD box between a router and a LAN
to provide IP filtering and not change any IP addresses/netmasks?
In other words, change this:

  (Internet) ----- |Router| -----LAN-----
                            200.1.2.0/24

to this:

  (Internet) ----- |Router| -----LAN----- |FreeBSD| -----LAN-----
                             200.1.2.0/24            200.1.2.0/24

FreeBSD will have to either bridge or do proxyarp to help hosts on either 
side reach hosts on the other side. (Is this what arpproxy_all="YES" is for?)
Bridging would be preferred so the arp tables have the true MAC address
of a host rather than the FreeBSD MAC address for proxies.

Mike

P.S.  I know the new version of drawbridge does this (via bridging)   
      but I want the filtering capabilities of ipfw or IPfilter.

