Date: Thu, 28 Sep 2000 10:40:14 -0400
From: Bill Fumerola <billf@chimesnet.com>
To: Julian Elischer <julian@elischer.org>
Cc: "Boyd R. Faulkner" <faulkner@asgard.hos.net>, "Peter S. Housel" <housel@acm.org>, freebsd-current@FreeBSD.ORG
Subject: Re: Network bridge on current.
Message-ID: <20000928104014.W34501@jade.chc-chimes.com>
In-Reply-To: <Pine.BSF.4.10.10009280032180.17364-100000@InterJet.elischer.org>; from julian@elischer.org on Thu, Sep 28, 2000 at 12:38:40AM -0700
References: <20000928022230.A967@simon.catburg.net> <Pine.BSF.4.10.10009280032180.17364-100000@InterJet.elischer.org>
On Thu, Sep 28, 2000 at 12:38:40AM -0700, Julian Elischer wrote:
> I am not sure about Luigi's bridging code. I know the dummynet stuff
> seems to connect with the ipfw code but I don't think that the
> bridge code does... (I may be wrong) So I don't know how you plan on
> filtering the bridged segments..
You are wrong, but we'll forgive you. :->
from bridge(4):

    net.link.ether.bridge_ipfw
        Set to 1 to enable ipfw filtering on bridged packets. Note that ipfw
        rules only apply to IP packets.

from ipfw(8):

    Each incoming or outgoing packet is passed through the ipfw rules. If
    host is acting as a gateway, packets forwarded by the gateway are
    processed by ipfw twice. In case a host is acting as a bridge, packets
    forwarded by the bridge are processed by ipfw once.

the 'bridged' keyword can be used to match only bridged packets, so:

    ipfw add allow tcp from any to any 22 setup bridged
    ipfw add allow tcp from any 22 to any established bridged

would allow ssh over a bridge, but in the absence of other rules, wouldn't
allow it to the actual machine (or if the machine is also a router(?!) it
wouldn't route ssh sessions either.)
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
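
An added example, not part of the original message: a simplified Python model of ipfw's first-match evaluation that walks the three packets of a TCP handshake to port 22 through the two rules quoted above, once as bridged traffic and once as traffic to the host itself. It assumes the final default rule is deny and models only ports, TCP flags and the `bridged` option; the third rule in `WITH_CLIENT_ACKS` is constructed for illustration and is not in the message.

```python
from dataclasses import dataclass
from typing import Optional

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

@dataclass
class Pkt:
    sport: int
    dport: int
    flags: int
    bridged: bool          # True: forwarded by the bridge; False: to/from the host itself

@dataclass
class Rule:
    sport: Optional[int]   # None means "any"
    dport: Optional[int]
    state: str             # "setup" or "established"
    bridged: bool          # rule carries the 'bridged' option

    def matches(self, p: Pkt) -> bool:
        if self.sport not in (None, p.sport) or self.dport not in (None, p.dport):
            return False
        if self.bridged and not p.bridged:
            return False
        if self.state == "setup":                 # SYN set, ACK clear
            return bool(p.flags & SYN) and not p.flags & ACK
        return bool(p.flags & (ACK | RST))        # established: ACK or RST set

# The two rules from the message.
PAGE_RULES = [
    Rule(None, 22, "setup", True),        # allow tcp from any to any 22 setup bridged
    Rule(22, None, "established", True),  # allow tcp from any 22 to any established bridged
]
# Constructed third rule (not in the message): client-to-server segments after the SYN.
WITH_CLIENT_ACKS = PAGE_RULES + [Rule(None, 22, "established", True)]

def verdict(rules, p):
    """Every modelled rule is an allow; no match falls to the assumed default deny."""
    return "allow" if any(r.matches(p) for r in rules) else "deny"

def trace(rules, bridged, client_port=40000):
    """Verdicts for the SYN, SYN+ACK and ACK of a handshake to port 22."""
    handshake = [Pkt(client_port, 22, SYN, bridged),
                 Pkt(22, client_port, SYN | ACK, bridged),
                 Pkt(client_port, 22, ACK, bridged)]
    return [verdict(rules, p) for p in handshake]

if __name__ == "__main__":
    for name, rules in (("page rules", PAGE_RULES), ("with client ACKs", WITH_CLIENT_ACKS)):
        print(name, "bridged:", trace(rules, True), "to host:", trace(rules, False))
```

In this model the client's final ACK is neither a setup segment nor sourced from port 22, so it matches only when a rule covers established traffic toward port 22.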
