Date: Fri, 15 May 1998 15:28:10 -0500
From: MIKE JENKINS
To: freebsd-questions@FreeBSD.ORG
Subject: Stealth Firewall

Is it possible to slip a FreeBSD box between a router and a LAN to provide IP filtering and not change any IP addresses/netmasks?

In other words, change this:

    (Internet) ----- |Router| -----LAN-----
                              200.1.2.0/24

to this:

    (Internet) ----- |Router| -----LAN----- |FreeBSD| -----LAN-----
                              200.1.2.0/24            200.1.2.0/24

FreeBSD will have to either bridge or do proxyarp to help hosts on either side reach hosts on the other side. (Is this what arpproxy_all="YES" is for?) Bridging would be preferred so the arp tables have the true MAC address of a host rather than the FreeBSD MAC address for proxies.

Mike

P.S. I know the new version of drawbridge does this (via bridging) but I want the filtering capabilities of ipfw or IPfilter.