Date:      Mon, 8 Jun 1998 04:57:17 +0200 (MET DST)
From:      Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To:        easmith@beatrice.rutgers.edu (Allen Smith)
Cc:        wollman@khavrinen.lcs.mit.edu, net@FreeBSD.ORG
Subject:   Re: Documenting sysctls (was: Re: kernfs/procfs questions...)
Message-ID:  <199806080257.EAA15255@labinfo.iet.unipi.it>
In-Reply-To: <9806071855.ZM11380@beatrice.rutgers.edu> from "Allen Smith" at Jun 7, 98 06:55:23 pm

> The code from your page doesn't appear to be currently accessible, so
> I can't check it out. The drawbridge stuff is inadequately

fixed the missing link -- try again and thanks for pointing out the
problem (my code is not configurable at all for firewall purposes,
although it is so small and simple that it will probably be easier
to write some C code to filter unwanted packets than learning a
filter configuration language).

>    router. Given this, it looks to me more like a L2-filtering bridge
>    than a router.

there are some differences which might not be significant in your
application:
  * some restriction on IP addresses you can put on
    either side -- with a real bridge you can move machines around
    without changing anything (including IP address), with this
    setting you have to update the IP address of the machine you
    moved.

  * you must fraction your address range and configure the routing
    daemon on the machine acting as a bridge/router to make hosts
    reachable from the outside;

  * I am not sure how well this works with non-IP packets (e.g. we
    have some MAC talking ethertalk around);

  * nor am I sure how well this works with ethernet _and_ IP multicast and
    broadcast. Things like bootp might not work anymore across your
    gateway.

> While I have considered the load problem - a reason that the machine
> we've gotten for this is a P233, despite that it's only handling 2
> 10-Base-T lines - it isn't nearly as much of a problem as it would be

it's more a bus than a CPU problem. We are running 5 ports on a 386-25
here using my code (of course not at full bw on all interfaces, but it
can keep up with the filtering decently) but just because I don't need
to move all packets to memory.

	cheers
	luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________
