From owner-freebsd-current Fri Apr 24 01:03:05 1998
Message-ID: <35404702.C76E25A2@tdx.co.uk>
Date: Fri, 24 Apr 1998 09:02:10 +0100
From: Karl Pielorz
Organization: TDX
To: Luigi Rizzo
CC: current@FreeBSD.ORG
Subject: Re: Bridging...
References: <199804240607.IAA20557@labinfo.iet.unipi.it>

Luigi Rizzo wrote:

> I am trying to see what could be the best way to implement bridging
> within FreeBSD. The main app would be to connect 10/100 Mbit
> interfaces in the most transparent way (I know doing packet filtering
> on a 100 Mbit segment places a bit of load on the host and a
> dedicated solution could be cheaper/more efficient).
>
> Comments/opinions ?

That's funny - I was going to ask _EXACTLY_ how you could do this with
FreeBSD!

We're thinking of putting a FBSD machine 'between' our Cisco 2503 and the
rest of the LAN - the firewalling on FreeBSD is now 'better' than that on
our aging IOS Cisco - plus the box can 'capture' the bad packets - rather
than just junking them...

I'd like to have done it 'transparently' somehow - literally just copying
the traffic from say one fxp interface to another - running it through
IPFW (if possible) on the way...
Otherwise we have to do some renumbering and waste another 4 IP addresses
(2 host subnet) on this, which although is no major shakes it would be
nice to do it a bit 'cleaner'...

So - Yes, I think it's a good idea!

> when configured as a bridge, just set the interfaces in promiscuous
> mode, and pass incoming packets to the other interfaces in the
> cluster using the usual bridging algorithms (see my bridge code on
> my web page).

Would this include running through IPFW or similar? - and could it still
use bpf etc. to sniff packets?

Regards,

Karl Pielorz