Date: Thu, 29 Nov 2001 14:27:07 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
To: Chris Appleton <appleton_chris@yahoo.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: bridge vs router
Message-ID: <20011129140520.P16958-100000@localhost>
In-Reply-To: <20011129215514.756.qmail@web14801.mail.yahoo.com>

On Thu, 29 Nov 2001, Chris Appleton wrote:

> I have a class c that i want to leave exposed but
> restrict port access.

ok. which ports? why? have you thought out what the breakdown of your
network is going to be?

> can i configure 4.4-release as a router that allows
> traffic to .1 (gateway) on rl0 and the rest of the
> subnet on rl1?

you could simply set it up as a bridge, or provide more interfaces, and
simply break down or route your class C.

> or is bridge the only way to split a subnet like that?
> and if so is an ipfw bridge fast enough for 30-35
> nodes (some servers)?

ipfw should be fine, as long as the hardware you're running FreeBSD on is
able to keep up with it. i would suggest avoiding userland packetshaping
applications (natd, for example) since they would move packets out of the
kernel.

i would suggest figuring out how (or if) you want to break down your
subnet, then worry about firewalling it.

-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan@caustic.org
"John Ashcroft is really just the reanimated corpse of J. Edgar Hoover."
-- Tim Triche