Date: Thu, 29 Sep 2005 11:08:18 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Yar Tikhiy <yar@comp.chem.msu.su>
Cc: freebsd-arch@freebsd.org
Subject: Re: Bridges
Message-ID: <20050929090818.GD1086@obiwan.tataz.chchile.org>
In-Reply-To: <20050928102153.GA86457@comp.chem.msu.su>
References: <200509241525.16173.max@love2party.net> <20050924192237.GP40237@cirb503493.alcatel.com.au> <20050928102153.GA86457@comp.chem.msu.su>

Hi Yar,

> Couldn't you bridge across the parent, or trunk, physical interfaces
> carrying tagged VLAN traffic then? (Of course, hardware support for
> VLAN should be turned off on them in that case.)

Since neither ipfw nor pf can filter on VLAN tag at layer 2, it could
be pretty useful to be able to bridge vlan(4) interfaces together.
For administrative reasons, you may not want to have all the VLANs
living on a physical network be seen on the other side of the
bridge.

I also know another situation where this can be useful. I was once
asked to build a single firewall for a whole rack of servers. These
servers were remotely administrated by customers and therefore we had
no security control over them. Thus we wanted the firewall to protect
the servers from the Internet but also from the other surrounding
servers, which may have been defaced. For other reasons, we needed a
bridge and no NAT was possible. The idea was to give each server its
own VLAN, and the firewall bridged them together.

I set up this firewall with Linux; I would be glad to be able to do so
with FreeBSD.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >