Date:      Wed, 21 Jun 2000 13:20:32 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Daniel Killingsworth <dankilling@hotmail.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: packet filters and VLAN
Message-ID:  <20000621132032.D214@dialin-client.earthlink.net>
In-Reply-To: <20000621173638.60947.qmail@hotmail.com>; from dankilling@hotmail.com on Wed, Jun 21, 2000 at 01:36:38PM -0400
References:  <20000621173638.60947.qmail@hotmail.com>

On Wed, Jun 21, 2000 at 01:36:38PM -0400, Daniel Killingsworth wrote:
> Hi,
> 
> I am wondering if FreeBSD 4.0 is capable of segmenting a LAN into 2 VLANs
> without subnetting and acting as a router.

In a word, you want to do bridging. You want a packet filtering bridge
too. See bridge(4).

> I am interested in preserving our 
> current network IP addressing scheme, but I need to keep the Appletalk (ugh) 
> to one segment. I know that the 3com 3800 switch is capable of such a feat, 
> but at $8000, I would have a hard time selling that to the accountants.....

All you need to do is set up bridging (again, bridge(4)) and set it up
to work with ipfw(8). A simple ruleset like,

  00100 allow ip from any to any
  65535 deny ip from any to any

Would block the Appletalk and pass IP just like bridge(4) says... but
there is a catch. This would block ARP too.

I believe there is/was a hack to pass ARP through an ipfw'ed
bridge. If you look at the default (1.30.2.4) rc.firewall it has,

  # If you're using 'options BRIDGE', uncomment the following line to pass ARP
  #${fwcmd} add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0

But I have never used this and a developer mentioned on freebsd-ipfw
that this might not really work.

Alternatively, you could get around it by having an ARP proxy daemon
running, but again, I have no personal experience. It's just a
possibility. 

If you get this to work, I think freebsd-ipfw would be interested in
hearing. HTH.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
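
Added example, not part of the original message and not ipfw or bridge(4) code: a Python model of the effect the reply describes, where only IP frames match the allow rule and everything else falls through to rule 65535. The function names, the `allowed` parameter and the sample frames are constructed for illustration; the EtherType values are the IEEE-assigned ones.

```python
import struct

# IEEE-assigned EtherTypes relevant to the thread. 0x0806 is 2054 in decimal,
# the number that appears in the commented-out rc.firewall rule.
NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x809B: "AppleTalk", 0x80F3: "AARP"}
SRC = b"\x02\x00\x00\x00\x00\x01"  # constructed, locally administered MAC

def ethertype(frame: bytes) -> int:
    """Effective EtherType of an Ethernet II or 802.3 LLC/SNAP frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (field,) = struct.unpack_from("!H", frame, 12)
    if field >= 0x0600:  # Ethernet II: the field is the EtherType
        return field
    # 802.3: the field is a length; EtherTalk Phase 2 and AARP use LLC/SNAP
    if len(frame) >= 22 and frame[14:17] == b"\xaa\xaa\x03":
        return struct.unpack_from("!H", frame, 20)[0]
    raise ValueError("802.3 frame without a SNAP header")

def bridge_verdict(frame: bytes, allowed=frozenset({0x0800})):
    """Assumed model: allowed types match an allow rule, all else hits 65535."""
    try:
        etype = ethertype(frame)
    except ValueError:
        return ("deny", "unparsed")
    return ("allow" if etype in allowed else "deny", NAMES.get(etype, hex(etype)))

def eth2(etype: int) -> bytes:
    """Constructed Ethernet II broadcast frame with a zeroed payload."""
    return b"\xff" * 6 + SRC + struct.pack("!H", etype) + bytes(46)

def snap(oui: bytes, etype: int) -> bytes:
    """Constructed 802.3 + LLC/SNAP frame with a zeroed payload."""
    body = b"\xaa\xaa\x03" + oui + struct.pack("!H", etype) + bytes(38)
    return b"\x09\x00\x07\xff\xff\xff" + SRC + struct.pack("!H", len(body)) + body

SAMPLES = {  # constructed frames, not captured traffic
    "ipv4": eth2(0x0800),
    "arp": eth2(0x0806),
    "ethertalk": snap(b"\x08\x00\x07", 0x809B),
    "aarp": snap(b"\x00\x00\x00", 0x80F3),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:10} IP only: {bridge_verdict(frame)}  "
              f"IP+ARP: {bridge_verdict(frame, frozenset({0x0800, 0x0806}))}")
```

The second column does not claim the rc.firewall line works; it only shows which EtherType a working ARP exception has to admit while AppleTalk and AARP stay blocked.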

