Date:      Tue, 19 Jun 2001 10:28:28 -0500
From:      "Boyd R. Faulkner" <faulkner@coeli.org>
To:        Julian Elischer <julian@elischer.org>
Cc:        "Thomas T. Veldhouse" <veldy@veldy.net>, "Rogier R. Mulhuijzen" <drwilco@drwilco.net>, freebsd-current@FreeBSD.ORG, vitaly@riss-telecom.ru
Subject:   Re: status of bridge code
Message-ID:  <20010619102828.A6029@empyrean.coeli.org>
In-Reply-To: <3A6F513C.376C173E@elischer.org>; from julian@elischer.org on Wed, Jan 24, 2001 at 02:03:40PM -0800
References:  <4.3.2.7.0.20010124185058.00ac5100@mail.drwilco.net> <3A6F3CBF.5329127@elischer.org> <036c01c08646$d287c600$3028680a@tgt.com> <3A6F513C.376C173E@elischer.org>

Hi,

Is there any documentation (or better, a HOWTO) on how to get firewall 
functionality with netgraph bridging?  I have DSL and 8 addresses and
I like the front machine to act as the firewall.  I have this with 
the old bridge and ipfw but as has been said before, it has problems.

Thanks,
Boyd

On Wed, Jan 24, 2001 at 02:03:40PM -0800, Julian Elischer wrote:
> "Thomas T. Veldhouse" wrote:
> > 
> > > Have a look at what you can do with netgraph first.
> > >
> > > Most people don't know what it is but it allows almost arbitrarily
> > > complicated network topologies to be set up from the command line.
> > >
> > >
> > 
> > Is there any reasonable documentation or a HOWTO on the usage of netgraph?
> > I am currently using the standard bridging code and IPFIREWALL (ipfw) with
> > my dc cards.  No problems so far - as long as I don't use DUMMYNET with it.
> > I really wish I could use DUMMYNET as I need to put bandwidth limits on a
> > few of the computers on my network.
> 
>  /usr/share/examples/netgraph
> man 4 netgraph
> man 4 ng_bridge
> (etc.)
> also a daemon-news article on how it works.
> 
> 
> Rate limiting is one thing that isn't there yet. If we pulled our fingers out,
> I guess we would have ripped the dummynet rate limiter out of where it is
> and placed it into a netgraph node where it would be generally useful
> instead of being hardcoded into one (sometimes useful) location in the 
> networking stacks.
> 
> There is a rate limiter based on netgraph available from:
> http://www.riss-telecom.ru/~vitaly/
> 
> but I have not tried it.
> 
> I need to look at it again as I believe it has improved and 
> may be generally useful.
> When I looked at it last it was a bit alpha.
> It probably needs rewriting for the new netgraph API in -current.
> 
> 
> 
> 
> >  
> > Tom Veldhouse
> > veldy@veldy.net
> 
> -- 
>       __--_|\  Julian Elischer
>      /       \ julian@elischer.org
>     (   OZ    ) World tour 2000
> ---> X_.---._/  from Perth, presently in:  Budapest
>             v
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
-- 

        Boyd Faulkner            "The Gods don't drag people,  The Gods
   faulkner@asgard.hos.net        sucker punch them until the poor fools
http://asgard.hos.net/~faulkner   pay attention and do it for themselves." 
           1011101                            - Soror Sia
