Date: Tue, 19 Jun 2001 10:28:28 -0500
From: "Boyd R. Faulkner" <faulkner@coeli.org>
To: Julian Elischer <julian@elischer.org>
Cc: "Thomas T. Veldhouse" <veldy@veldy.net>, "Rogier R. Mulhuijzen" <drwilco@drwilco.net>, freebsd-current@FreeBSD.ORG, vitaly@riss-telecom.ru
Subject: Re: status of bridge code
Message-ID: <20010619102828.A6029@empyrean.coeli.org>
In-Reply-To: <3A6F513C.376C173E@elischer.org>; from julian@elischer.org on Wed, Jan 24, 2001 at 02:03:40PM -0800
References: <4.3.2.7.0.20010124185058.00ac5100@mail.drwilco.net> <3A6F3CBF.5329127@elischer.org> <036c01c08646$d287c600$3028680a@tgt.com> <3A6F513C.376C173E@elischer.org>

Hi,

Is there any documentation (or better, a HOWTO) on how to get firewall
functionality with netgraph bridging? I have DSL and 8 addresses and I
like the front machine to act as the firewall. I have this with the old
bridge and ipfw but as has been said before, it has problems.

Thanks,
Boyd

On Wed, Jan 24, 2001 at 02:03:40PM -0800, Julian Elischer wrote:
> "Thomas T. Veldhouse" wrote:
> >
> > > Have a look at what you can do with netgraph first.
> > >
> > > Most people don't know what it is but it allows almost arbitrarily
> > > complicated network topologies to be set up from the command line.
> > >
> >
> > Is there any reasonable documentation or a HOWTO on the usage of netgraph?
> > I am currently using the standard bridging code and IPFIREWALL (ipfw) with
> > my dc cards. No problems so far - as long as I don't use DUMMYNET with it.
> > I really wish I could use DUMMYNET as I need to put bandwidth limits on a
> > few of the computers on my network.
>
> /usr/share/examples/netgraph
> man 4 netgraph
> man 4 ng_bridge
> (etc.)
> also a daemon-news article on how it works.
>
>
> Rate limiting is one thing that isn't there yet. If we pulled our fingers out,
> I guess we would have ripped the dummynet rate limiter out of where it is
> and placed it into a netgraph node where it would be generally useful
> instead of being hardcoded into one (sometimes useful) location in the
> networking stacks.
>
> there is a rate limiter based on netgraph available from:
> http://www.riss-telecom.ru/~vitaly/
>
> but I have not tried it.
>
> I need to look at it again as I believe it has improved and
> may be generally useful.
> When I looked at it last it was a bit alpha.
> It probably needs rewriting for the new netgraph API in -current.
>
> >
> > Tom Veldhouse
> > veldy@veldy.net
>
> --
>       __--_|\  Julian Elischer
>      /       \ julian@elischer.org
>     (   OZ    ) World tour 2000
> ---> X_.---._/  from Perth, presently in: Budapest
>             v
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message

--
Boyd Faulkner                    "The Gods don't drag people, The Gods
faulkner@asgard.hos.net           sucker punch them until the poor fools
http://asgard.hos.net/~faulkner   pay attention and do it for themselves."
1011101                           - Soror Sia