From: Jordi Espasa Clofent <jordi.espasa@opengea.org>
To: freebsd-pf@freebsd.org
Date: Sun, 25 Nov 2007 11:04:46 +0100
Subject: Transparent FW: PF+bridging mode
Message-ID: <474948BE.1000704@opengea.org>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hi all,

I'm planning to build a transparent FW using PF+bridging mode; the network architecture will be:

[Internet] <-> ( xl0 ) ( xl2 ) <-> ( switches ) <-> ( clients with /23 public IPs )

I've read a lot in this list and other places about some problems with bridging mode and PF, but I don't understand exactly where the problem is. Maybe it's an old problem, solved at the present moment, because these posts were from 2004/2005 and related to 5.x:

http://lists.freebsd.org/mailman/htdig/freebsd-pf/2005-August/001369.html
http://lists.freebsd.org/mailman/htdig/freebsd-pf/2005-January/000745.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-November/001697.html

My questions are:

Is it possible to build the architecture described above with _ALL_ pf features available?
Can the FW (pf) inspect and act on the packets which pass through the bridge with clients as final destination?
Are there differences related to this problem in using the 6.x or 7.x branches?

-- 
Thanks
Jordi Espasa Clofent
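As an added example (not part of Jordi's post), this is how the bridge he describes would be wired up on FreeBSD 6.x/7.x with if_bridge(4) and pf, with filtering done on the member interfaces so that pf sees and acts on every packet headed to the clients. Assumptions: the interface names xl0/xl2 from the post, a placeholder client prefix, and pf's default floating state policy.

```conf
# /etc/rc.conf -- build the bridge from the two member NICs. Neither bridge0
# nor its members get an IP address, so the firewall is invisible at layer 3.
cloned_interfaces="bridge0"
ifconfig_bridge0="addm xl0 addm xl2 up"
ifconfig_xl0="up"
ifconfig_xl2="up"
pf_enable="YES"
pflog_enable="YES"

# /etc/sysctl.conf -- where if_bridge(4) hands frames to pf.
# Filter on the members (xl0/xl2) and not on bridge0 itself; with both
# enabled every packet is evaluated twice and state tracking gets confusing.
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=0
# Only IP is handed to pf; ARP and other non-IP frames are bridged unfiltered.
net.link.bridge.pfil_onlyip=1

# /etc/pf.conf -- rules are written against the members, never bridge0.
ext_if  = "xl0"
int_if  = "xl2"
clients = "203.0.113.0/23"   # placeholder: put the clients' real /23 here

set skip on lo0
# Default deny inbound on every interface (both members included).
block in log all

# States are floating by default, so a state created when a packet enters
# one member also matches the reply entering the other member.
# Clients may initiate anything towards the Internet.
pass in quick on $int_if from $clients to any keep state

# From the Internet, only what the clients actually expose.
pass in quick on $ext_if proto tcp from any to $clients port { 80 443 } \
    flags S/SA keep state
pass in quick on $ext_if inet proto icmp from any to $clients \
    icmp-type echoreq keep state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` to confirm that blocked traffic is being logged on the member interfaces.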