Date: Thu, 10 Aug 2000 00:04:09 -0700
From: "Crist J. Clark"
To: ym g
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Bridging firewall
Message-ID: <20000810000409.B5405@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu

[Please put in newlines at about 72 columns or so. Each of your
paragraphs is on one line.]

On Thu, Aug 10, 2000 at 01:43:35AM +0800, ym g wrote:
> Hi, I am trying to set up a bridging firewall and have some questions.
>
> In a bridge, it doesn't seem necessary to configure any IPs for the
> 2 interfaces. However, I would like to remotely manage my bridging
> firewall. If so, does the interface attached to the Internet [router]
> need the same address as the router or just another address from my
> segment. I think it's the latter but my bridging fundamentals are
> hazy :-(

Give the machine a unique IP address on your network. It really
doesn't matter which interface gets the address, but for aesthetic
reasons, I'd put it on the "outer" interface.

> Would doing so allow me to telnet/ssh into the bridging firewall box
> or do I need another interface to get in and leave the original 2
> interfaces unconfigured

No, just assign an IP to one interface.

> Also, if I have two different leased lines [different blocks], can I
> use a 4 port NIC like a D-LINK DFE 570 to set up a single machine as a
> bridging firewall for both networks [using different rulesets]

Well, now it sounds like you would need to be doing routing since I
doubt different lines will be coming in on the same logical network. I
wouldn't try to do routing and bridging on one box.
--
Crist J. Clark                           cjclark@alum.mit.com