Date: Tue, 19 Jun 2001 10:28:28 -0500
From: "Boyd R. Faulkner"
To: Julian Elischer
Cc: "Thomas T. Veldhouse", "Rogier R. Mulhuijzen", freebsd-current@FreeBSD.ORG, vitaly@riss-telecom.ru
Subject: Re: status of bridge code

Hi,

Is there any documentation (or better, a HOWTO) on how to get firewall
functionality with netgraph bridging? I have DSL and 8 addresses and I
like the front machine to act as the firewall. I have this with the old
bridge and ipfw but as has been said before, it has problems.

Thanks,
Boyd

On Wed, Jan 24, 2001 at 02:03:40PM -0800, Julian Elischer wrote:
> "Thomas T. Veldhouse" wrote:
> >
> > > Have a look at what you can do with netgraph first.
> > >
> > > Most people don't know what it is but it allows almost arbitrarily
> > > complicated network topologies to be set up from the command line.
> > >
> >
> > Is there any reasonable documentation or a HOWTO on the usage of netgraph?
> > I am currently using the standard bridging code and IPFIREWALL (ipfw) with
> > my dc cards. No problems so far - as long as I don't use DUMMYNET with it.
> > I really wish I could use DUMMYNET as I need to put bandwidth limits on a
> > few of the computers on my network.
>
> /usr/share/examples/netgraph
> man 4 netgraph
> man 4 ng_bridge
> (etc.)
> also a daemon-news article on how it works.
>
>
> Rate limiting is one thing that isn't there yet. If we pulled our fingers out,
> I guess we would have ripped the dummynet rate limiter out of where it is
> and placed it into a netgraph node where it would be generally useful
> instead of being hardcoded into one (sometimes useful) location in the
> networking stacks.
>
> there is a rate limiter based on netgraph available from:
> http://www.riss-telecom.ru/~vitaly/
>
> but I have not tried it.
>
> I need to look at it again as I believe it has improved and
> may be generally useful.
> When I looked at it last it was a bit alpha.
> It probably needs rewriting for the new netgraph API in -current.
>
> >
> > Tom Veldhouse
> > veldy@veldy.net
>
> --
>       __--_|\  Julian Elischer
>      /       \ julian@elischer.org
>     (   OZ    ) World tour 2000
> ---> X_.---._/  from Perth, presently in: Budapest
>             v
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message

--
Boyd Faulkner                      "The Gods don't drag people, The Gods
faulkner@asgard.hos.net            sucker punch them until the poor fools
http://asgard.hos.net/~faulkner    pay attention and do it for themselves."
1011101                            - Soror Sia