From owner-freebsd-current Thu Sep 28 8:27:15 2000
Delivered-To: freebsd-current@freebsd.org
Received: from simon.catburg.net (cust-92-32.customer.jump.net [207.8.92.32])
	by hub.freebsd.org (Postfix) with ESMTP id 592F637B53A
	for ; Thu, 28 Sep 2000 08:21:40 -0700 (PDT)
Received: (from faulkner@localhost)
	by simon.catburg.net (8.11.0/8.11.0) id e8SFHnv01849;
	Thu, 28 Sep 2000 10:17:49 -0500 (CDT)
	(envelope-from faulkner)
Date: Thu, 28 Sep 2000 10:17:49 -0500
From: "Boyd R. Faulkner"
To: Bill Fumerola
Cc: Julian Elischer, "Boyd R. Faulkner", "Peter S. Housel", freebsd-current@FreeBSD.ORG
Subject: Re: Network bridge on current.
Message-ID: <20000928101749.A1798@simon.catburg.net>
References: <20000928022230.A967@simon.catburg.net> <20000928104014.W34501@jade.chc-chimes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20000928104014.W34501@jade.chc-chimes.com>; from billf@chimesnet.com on Thu, Sep 28, 2000 at 10:40:14AM -0400
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Alas, net.link.ether.bridge(_ipfw) are no longer settable via sysctl.
That is my main problem. I cannot do what the documentation says.
Unfortunately, I cannot even test what I have until tonight as the
machine for the other side of the bridge has no video. I stole it, AGP,
to replace the PCI card so I would have room for another network card.

Thanks again,
Boyd

On Thu, Sep 28, 2000 at 10:40:14AM -0400, Bill Fumerola wrote:
> On Thu, Sep 28, 2000 at 12:38:40AM -0700, Julian Elischer wrote:
>
> > I am not sure about Luigi's bridging code. I know the dummynet stuff
> > seems to connect with the ipfw code but I don't think that the
> > bridge code does... (I may be wrong) So I don't know how you plan on
> > filtering the bridged segments..
>
> You are wrong, but we'll forgive you. :->
>
> from bridge(4):
>
>      net.link.ether.bridge_ipfw
>
>      Set to 1 to enable ipfw filtering on bridged packets. Note that ipfw
>      rules only apply to IP packets.
>
> from ipfw(8):
>
>      Each incoming or outgoing packet is passed through the ipfw rules. If
>      host is acting as a gateway, packets forwarded by the gateway are
>      processed by ipfw twice. In case a host is acting as a bridge, packets
>      forwarded by the bridge are processed by ipfw once.
>
> the 'bridged' keyword can be used to match only bridged packets, so:
>
>      ipfw add allow tcp from any to any 22 setup bridged
>      ipfw add allow tcp from any 22 to any established bridged
>
> would allow ssh over a bridge, but in the absence of other rules, wouldn't
> allow it to the actual machine (or if the machine is also a router(?!) it
> wouldn't route ssh sessions either.)
>
> --
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
> billf@chimesnet.com / billf@FreeBSD.org
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message

Boyd

--
Boyd Faulkner                       "...but the chocolate at
faulkner@asgard.hos.net              Rumpelmayer's is great..."
http://asgard.hos.net/~faulkner      -- A. Crowley Book of Lies
1011101


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
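
Added example, not part of the original message or of FreeBSD: a small Python model of first-match evaluation for the two quoted `bridged` rules, useful for checking which packets they cover. The `Packet` and `Rule` classes and `evaluate` are hypothetical names, and the final rule is assumed to be deny.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int
    flags: frozenset      # TCP flags that are set, e.g. frozenset({"SYN"})
    bridged: bool         # True when forwarded by the bridge code
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str
    proto: str = "tcp"
    sport: Optional[int] = None    # None stands for "any"
    dport: Optional[int] = None
    state: Optional[str] = None    # "setup" or "established"
    bridged: bool = False          # the 'bridged' keyword

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # setup: SYN set and ACK clear
        if self.state == "setup" and not ("SYN" in p.flags and "ACK" not in p.flags):
            return False
        # established: RST or ACK set
        if self.state == "established" and not (p.flags & {"ACK", "RST"}):
            return False
        # 'bridged' restricts the rule to packets crossing the bridge
        return p.bridged or not self.bridged

# The two rules quoted in the message, in order.
RULES = [
    Rule("allow", dport=22, state="setup", bridged=True),
    Rule("allow", sport=22, state="established", bridged=True),
]

def evaluate(p: Packet, rules=RULES, default: str = "deny") -> str:
    """First matching rule decides; 'default' models the final rule (assumed deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default
```

In this model a mid-session client packet (ACK set, destination port 22) matches neither rule and receives the default action, so the result for that direction depends on the rest of the ruleset.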