From owner-freebsd-questions Thu Feb 8 12:16:57 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from femail12.sdc1.sfba.home.com (femail12.sdc1.sfba.home.com [24.0.95.108])
    by hub.freebsd.org (Postfix) with ESMTP id 130DF37B6AF
    for ; Thu, 8 Feb 2001 12:16:37 -0800 (PST)
Received: from home.com ([24.177.141.133])
    by femail12.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121)
    with ESMTP id <20010208201636.ZTMJ605.femail12.sdc1.sfba.home.com@home.com>;
    Thu, 8 Feb 2001 12:16:36 -0800
Message-ID: <3A82FEA4.3666D366@home.com>
Date: Thu, 08 Feb 2001 12:16:36 -0800
From: "Raymundo M. Vega"
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.5.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Julian Zottl
Cc: FreeBSD Questions
Subject: Re: Bridging and routing problem...
References: <200102081626.LAA77762@gateway.vsl.cua.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

The behavior of the switch should be the same if you use the
firewall as a bridge or a gateway. When the switch is turned on,
it uses the packets in the net to "learn" the channel on which
each MAC address is and should come to a minimum as time goes.

Rather than answer if bridging is better for your network, I like
to point out that you will have better control in the firewall if
you use it as a gateway. This is in man bridge:

    Set to 1 to enable ipfw filtering on bridged packets. Note that
    ipfw rules only apply to IP packets. Non-IP packets are subject
    to the default ipfw rule (number 65535) which must be an allow
    rule if we want ARP and other non-IP packets to flow through
    the bridge.

If you use it as a gateway, you can filter TCP/UDP packets as well.

uerte

raymundo

Julian Zottl wrote:
>
> Hello all, I have looked for a solution to this for awhile, but haven't
> been able to find it (probably a glaringly obvious). I have the
> following setup:
>
> Internet 137.242.188.2 137.242.189.1
> --------><--------------Firewall------------->LAN (137.242.189.0)
>
> I use bridging to link the two together and IPFW for a firewall. My
> problem is that all traffic that comes from the internet is broadcast
> to my entire subnet! Visually I see this on all my switches as the
> entire thing lights up. I know that bridging is supposed to do
> broadcasting like this, but is there a better solution? I had run
> routed at one point, but the majority of the experts I know say that I
> should have been doing bridging, so I switched. Any help is much
> appreciated! Please CC me any answers as I am not on the mailing list
> any more.
>
> Julian Zottl
> System Administrator, The Vitreous State Laboratory
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
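
The MAC learning that the reply describes, as an added example that is not part of the original thread: a small Python model of a learning switch, showing that frames are flooded to every port only until the destination host has been heard from. The port numbers, MAC labels and frame sequence are constructed for illustration.

```python
# Added illustration (not from the thread): a minimal learning switch.
# Port 1 is the uplink towards the firewall; ports 2-4 are LAN hosts.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        self.mac_table[src] = in_port  # learn from the source address
        if dst == BROADCAST or dst not in self.mac_table:
            # Unknown or broadcast destination: flood to all other ports.
            return [p for p in self.ports if p != in_port]
        out = self.mac_table[dst]
        return [] if out == in_port else [out]


# Constructed frame sequence: (ingress port, source MAC, destination MAC).
SAMPLE_FRAMES = [
    (1, "mac-uplink", "mac-hostA"),  # host A not learned yet: flooded
    (2, "mac-hostA", "mac-uplink"),  # A replies: switch learns A on port 2
    (1, "mac-uplink", "mac-hostA"),  # now delivered to port 2 only
    (1, "mac-uplink", "mac-hostB"),  # host B not learned yet: flooded
    (3, "mac-hostB", "mac-uplink"),  # B replies: learned on port 3
    (1, "mac-uplink", "mac-hostB"),  # delivered to port 3 only
    (1, "mac-uplink", BROADCAST),    # broadcasts (e.g. ARP) always flood
]


def run(frames, ports=(1, 2, 3, 4)):
    """Feed frames through a fresh switch; return the egress ports per frame."""
    switch = LearningSwitch(ports)
    return [switch.receive(*frame) for frame in frames]


def flooded_count(frames, ports=(1, 2, 3, 4)):
    """Number of frames that were sent to more than one port."""
    return sum(1 for out in run(frames, ports) if len(out) > 1)


if __name__ == "__main__":
    for frame, out in zip(SAMPLE_FRAMES, run(SAMPLE_FRAMES)):
        print(frame, "->", out)
```

The switch sees a single source MAC on the uplink port in this model, so the result does not depend on whether the firewall behind that port bridges or routes.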