From owner-freebsd-questions  Sat Sep 22 11: 1:43 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from phear.darq.net (phear.darq.net [213.253.1.14])
	by hub.freebsd.org (Postfix) with SMTP id 4B3C637B40F
	for <questions@FreeBSD.ORG>; Sat, 22 Sep 2001 11:01:36 -0700 (PDT)
Received: (qmail 15242 invoked by uid 1000); 22 Sep 2001 18:01:31 -0000
Date: Sat, 22 Sep 2001 19:01:30 +0100
From: Ian Morrison <ian@darq.net>
To: Sunny Dubey <dubeys@bxscience.edu>
Cc: questions@FreeBSD.ORG
Subject: Re: Bridging Questions
Message-ID: <20010922190130.A28206@phear.darq.net>
References: <200109221558.f8MFwas27934@voyager.bxscience.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200109221558.f8MFwas27934@voyager.bxscience.edu>; from dubeys@bxscience.edu on Sat, Sep 22, 2001 at 11:53:03AM -0400
X-Url: http://www.darq.net/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sat, Sep 22, 2001 at 11:53:03AM -0400, Sunny Dubey wrote:
> hey,
> 
> I need to setup a firewall using briding, and I've been reading the handbook, 
> but a few questions have poped up.

that's funny; i need a bride using firewalls...  

> First, the handbook states that not all NIC's are supported using bridging, 
> it also states to read the bridge(4) man page, however the man page doesn't 
> list which cards will or won't work under bridging.  Is there a list of cards 
> that will work under bridging??  Will two Intel ExtherExpress Pro/100 PCI 
> cards work?

As memory serves, there's a list of drivers supported somewhere...
regardless, two FXP's will do the job nicely, so then i say, yes.

> Additionally, the hand book states that there is an option to allow non-IP 
> packets (like ARP) to flow through the bridge.  Is this something I should 
> concern myself with, or just not bother at all.

It depends exactly on what you're doing.  What exactly are you doing?
You probably don't need it, would be my guess, but then you might...

> Lastly, should I use ipfw or IPFILTER (ipf).  Would either one of these be an 
> advantage for a bridge based firewall?

Both are well documented;  I prefer IPFilter personally.  There are docs
on installing it on http://www.freebsddiary.org/

> thanks for your help

you're totally welcome.

ian
--
:: darq.net /#/             :: to start press any key | where's the

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message