Date: Thu, 29 Nov 2001 14:27:07 -0800 (PST)
From: "f.johan.beisser"
To: Chris Appleton
Subject: Re: bridge vs router
In-Reply-To: <20011129215514.756.qmail@web14801.mail.yahoo.com>
Message-ID: <20011129140520.P16958-100000@localhost>
Sender: owner-freebsd-questions@FreeBSD.ORG

On Thu, 29 Nov 2001, Chris Appleton wrote:

> I have a class c that i want to leave exposed but
> restrict port access.

ok. which ports? why? have you thought out what the breakdown of your
network is going to be?

> can i configure 4.4-release as a router that allows
> traffic to .1 (gateway) on rl0 and the rest of the
> subnet on rl1?

you could simply set it up as a bridge, or provide more interfaces, and
simply break down or route your class C.

> or is bridge the only way to split a subnet like that?
> and if so is an ipfw bridge fast enough for 30-35
> nodes (some servers)?

ipfw should be fine, as long as the hardware you're running FreeBSD on is
able to keep up with it. i would suggest avoiding userland packetshaping
applications (natd, for example) since they would move packets out of the
kernel.

i would suggest figuring out how (or if) you want to break down your
subnet, then worry about firewalling it.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse of
        J. Edgar Hoover." -- Tim Triche