Date:      Thu, 28 Sep 2000 10:17:49 -0500
From:      "Boyd R. Faulkner" <faulkner@asgard.hos.net>
To:        Bill Fumerola <billf@chimesnet.com>
Cc:        Julian Elischer <julian@elischer.org>, "Boyd R. Faulkner" <faulkner@asgard.hos.net>, "Peter S. Housel" <housel@acm.org>, freebsd-current@FreeBSD.ORG
Subject:   Re: Network bridge on current.
Message-ID:  <20000928101749.A1798@simon.catburg.net>
In-Reply-To: <20000928104014.W34501@jade.chc-chimes.com>; from billf@chimesnet.com on Thu, Sep 28, 2000 at 10:40:14AM -0400
References:  <20000928022230.A967@simon.catburg.net> <Pine.BSF.4.10.10009280032180.17364-100000@InterJet.elischer.org> <20000928104014.W34501@jade.chc-chimes.com>

Alas, net.link.ether.bridge(_ipfw) are no longer settable via sysctl.  That is
my main problem.  I cannot do what the documentation says.  Unfortunately,
I cannot even test what I have until tonight as the machine for the other
side of the bridge has no video.  I stole it, AGP, to replace the PCI
card so I would have room for another network card.

Thanks again,
Boyd

On Thu, Sep 28, 2000 at 10:40:14AM -0400, Bill Fumerola wrote:
> On Thu, Sep 28, 2000 at 12:38:40AM -0700, Julian Elischer wrote:
> 
> > I am not sure about Luigi's bridging code. I know the dummynet stuff
> > seems to connect with the ipfw code but I don't think that the 
> > bridge code does... (I may be wrong) So I don't know how you plan on
> > filtering the bridged segments..
> 
> You are wrong, but we'll forgive you. :->
> 
> from bridge(4):
> 
>          net.link.ether.bridge_ipfw
> 
>      Set to 1 to enable ipfw filtering on bridged packets.  Note that ipfw
>      rules only apply to IP packets.
> 
> from ipfw(8):
> 
>      Each incoming or outgoing packet is passed through the ipfw rules.  If
>      host is acting as a gateway, packets forwarded by the gateway are pro-
>      cessed by ipfw twice.  In case a host is acting as a bridge, packets for-
>      warded by the bridge are processed by ipfw once.
> 
> the 'bridged' keyword can be used to match only bridged packets, so:
> 
> 	ipfw add allow tcp from any to any 22 setup bridged
> 	ipfw add allow tcp from any 22 to any established bridged
> 
> would allow ssh over a bridge, but in the absence of other rules, wouldn't
> allow it to the actual machine (or if the machine is also a router(?!) it
> wouldn't route ssh sessions either.)
> 
> -- 
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
>                 billf@chimesnet.com / billf@FreeBSD.org
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
Boyd

-- 
        Boyd Faulkner               "...but the chocolate at
   faulkner@asgard.hos.net          Rumpelmayer's is great..."
http://asgard.hos.net/~faulkner     -- A. Crowley  Book of Lies 
           1011101


