Date:      Thu, 29 Nov 2001 17:04:07 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Chris Appleton <appleton_chris@yahoo.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: bridge vs. router 
Message-ID:  <20011129165147.C16958-100000@localhost>
In-Reply-To: <20011130004746.45569.qmail@web14804.mail.yahoo.com>

On Thu, 29 Nov 2001, Chris Appleton wrote:

> Apologies, I am learning and perhaps didn't explain
> correctly and will try again.
>
> I have set up 4.4-release with 2 rl NICs for firewalling
> purposes.  Rather than NAT with ipfw, I would prefer to
> leave my C block intact and drop BSD with
> ipfw/ipfilter (another debate) between my DSL router
> (my.existing.subnet.1) and the rest of
> my.existing.subnet.xxx
>
> My question is: can I edit the route table to pass
> traffic destined for the gateway (.1) via one adapter
> (rl0) and keep the rest of my.existing.subnet.xxx
> traffic connected to the other card (rl1)?
> Essentially filtering ports (whichever ports I want,
> that shouldn't matter here) between.

yes. you can send all traffic out through one interface, or traffic
destined for a specific address (or network) can be thrown out through
that interface. check the man page for route(8) for the specific syntax
for doing this.

> OR is a bridge a better fit for this job because it is
> meant to split a like subnet (even though i really
> only want the gateway .1 on one side and the rest on
> the other)?

again, this is still dependent on your topology. if you want what's at the
end of the DSL link to get similar traffic to what's being sent to the
rest of the class C, or don't feel like setting up the various static
routes for this. the IPFilter FAQ
(http://coombs.anu.edu.au/~avalon/faq/IPFtoc.html) has some details on
"fixing" ill-designed subnets (or the lack of them) using
ipfilter/firewalling.

> I've read ipfw on bridge can slooow things down and
> bridge doesn't play nice with rl drivers.  I have
> about 35-40 nodes, some servers.
>
> Any thoughts appreciated,  thanks for the original
> reply which I've omitted to hide my stupidity.

i don't think ipfw or ipfilter will noticeably affect your servers. this
is a case where you may want to use routing at your gateway, and subnet a
small segment over to yourself.

this sounds like the least amount of a headache so far.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche
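The static-route approach suggested above (a host route for the DSL router out rl0, the rest of the class C out rl1), modelled as an added example that is not part of this thread: a longest-prefix-match lookup like the BSD routing table performs, plus the route(8) lines the table corresponds to. The 192.0.2.0/24 address plan is a placeholder standing in for "my.existing.subnet", rl0/rl1 are the interfaces named in the thread, and the `-iface` form of route(8) is assumed from the man page; it models only the forwarding decision, not the ARP side of putting one subnet on two NICs.

```python
"""Longest-prefix-match model of the two-NIC static-route setup."""
import ipaddress
from typing import List, Optional, Tuple

# A route is (destination network, egress interface).
Route = Tuple[ipaddress.IPv4Network, str]

# Constructed table for the topology in the thread. List order is irrelevant:
# the kernel picks the most specific (longest prefix) matching entry, so the
# /32 for the DSL router overrides the /24 that covers the same address.
ROUTES: List[Route] = [
    (ipaddress.ip_network("192.0.2.0/24"), "rl1"),  # the rest of the class C -> inside NIC
    (ipaddress.ip_network("192.0.2.1/32"), "rl0"),  # DSL router (.1) only    -> outside NIC
    (ipaddress.ip_network("0.0.0.0/0"), "rl0"),     # default: off-net traffic -> DSL side
]


def lookup(dst: str, routes: List[Route] = ROUTES) -> Optional[str]:
    """Return the interface a longest-prefix lookup selects for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def route_commands(routes: List[Route] = ROUTES) -> List[str]:
    """Render the table as route(8) invocations (assumed -iface syntax; check route(8))."""
    cmds = []
    for net, iface in routes:
        if net.prefixlen == 0:
            cmds.append(f"route add default -iface {iface}")
        elif net.prefixlen == 32:
            cmds.append(f"route add -host {net.network_address} -iface {iface}")
        else:
            cmds.append(f"route add -net {net.with_prefixlen} -iface {iface}")
    return cmds


if __name__ == "__main__":
    for dst in ("192.0.2.1", "192.0.2.77", "198.51.100.9"):
        print(f"{dst:>14} -> {lookup(dst)}")
    print("\n".join(route_commands()))
```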

