Date: Thu, 14 Dec 2000 19:44:03 -0800 (PST)
From: Luigi Rizzo <rizzo@aciri.org>
To: cgaylord@vt.edu (Clark Gaylord)
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: non-learning bridge for pathological network
Message-ID: <200012150344.eBF3i3592156@iguana.aciri.org>
In-Reply-To: <20001214222838.B84586@cgaylord.async.vt.edu> from Clark Gaylord at "Dec 14, 2000 10:28:39 pm"

Hi,

if you want to use bridging and you know the IPs of the hosts on "networks" A, B, and C (which is what you need to use the 'deny' rules) you do not need to hack bridge.c.

On the other hand, your solution will not block ARPs and subnet-broadcast packets, so I really think the best solution is to use 3 real subnets for A, B and C (i.e. different address ranges), set the machine to act as a router (net.inet.ip.forwarding=1) and block traffic between A and C using the firewall below. No bridging or messing with the kernel involved.

cheers
luigi

> I am interested in creating a pathological lab network with the
> following forwarding rules:
> - three networks (A,B,C)
> - packets from A or C are forwarded to B
> - packets from B are forwarded to both A and C
>
> I was thinking of using BRIDGE+ipfw to create this by hacking
> bridge.c so that all dsts are UNKNOWN, then filtering via ipfw by
> deny ip from A to C
> deny ip from C to A
>
> Seems like this would work, but I was wondering what others' thoughts
> might be on this approach. Perhaps BRIDGE could have a (compile-time?)
> non-learning flag so that all packets get forwarded as if they are
> UNKNOWN.
>
> Oh, btw, I also want tcpdump to work on any of these interfaces. ;-)
>
> Thanks.
> Clark
> cgaylord@vt.edu
>
>
> ----- End forwarded message -----
>
> --
> Clark K. Gaylord
> Blacksburg, Virginia USA
> cgaylord@vt.edu
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
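The point made in the reply above, as a small model added here for illustration (not code from the thread and not ipfw itself): it evaluates the two `deny ip` rules first-match against sample frames, once for the bridged single-subnet layout and once for three routed subnets. All addresses, the default-allow fallthrough and the function names are assumptions.

```python
import ipaddress

def matches(addr, group):
    """True if addr falls inside any network or host entry of the group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in group)

def verdict(rules, pkt):
    """First-match evaluation of (action, src_group, dst_group) 'ip' rules.
    A non-IP frame such as ARP never matches an 'ip' rule."""
    if pkt["proto"] == "ip":
        for action, src, dst in rules:
            if matches(pkt["src"], src) and matches(pkt["dst"], dst):
                return action
    return "allow"  # assumed default: anything not denied passes

def deny_a_c(a, c):
    """The two rules from the thread: deny ip from A to C, deny ip from C to A."""
    return [("deny", a, c), ("deny", c, a)]

# Constructed addresses. Bridged: one shared subnet, groups are host lists.
BR_A, BR_C = ["10.0.0.11/32"], ["10.0.0.31/32"]
# Routed: three real subnets, as the reply suggests.
RT_A, RT_B, RT_C = ["10.0.1.0/24"], ["10.0.2.0/24"], ["10.0.3.0/24"]

def bridged(pkt):
    """Non-learning bridge: every frame is flooded, only the rules can stop it."""
    return verdict(deny_a_c(BR_A, BR_C), pkt)

def routed(pkt):
    """Router: ARP and same-subnet traffic never enter the forwarding path."""
    same = any(matches(pkt["src"], [n]) and matches(pkt["dst"], [n])
               for n in RT_A + RT_B + RT_C)
    if pkt["proto"] != "ip" or same:
        return "local"
    return verdict(deny_a_c(RT_A, RT_C), pkt)

if __name__ == "__main__":
    for name, fn, pkt in [
        ("bridged A->C unicast", bridged, {"proto": "ip", "src": "10.0.0.11", "dst": "10.0.0.31"}),
        ("bridged A broadcast", bridged, {"proto": "ip", "src": "10.0.0.11", "dst": "10.0.0.255"}),
        ("bridged A ARP", bridged, {"proto": "arp", "src": "10.0.0.11", "dst": "10.0.0.31"}),
        ("routed A->C unicast", routed, {"proto": "ip", "src": "10.0.1.11", "dst": "10.0.3.31"}),
        ("routed A broadcast", routed, {"proto": "ip", "src": "10.0.1.11", "dst": "10.0.1.255"}),
        ("routed B->C unicast", routed, {"proto": "ip", "src": "10.0.2.21", "dst": "10.0.3.31"}),
    ]:
        print(f"{name:22} {fn(pkt)}")
```

In the bridged layout the broadcast and the ARP frame come back as `allow`, so they still reach C; in the routed layout the same kinds of traffic stay on A's segment.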