From owner-freebsd-stable Mon Feb 5 9:52:27 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from wyattearp.stanford.edu (wyattearp.Stanford.EDU [171.64.180.171])
    by hub.freebsd.org (Postfix) with ESMTP id 7D98137B503;
    Mon, 5 Feb 2001 09:52:02 -0800 (PST)
Received: (from richw@localhost)
    by wyattearp.stanford.edu (8.9.3/8.9.3) id JAA40449;
    Mon, 5 Feb 2001 09:51:15 -0800 (PST) (envelope-from richw)
Date: Mon, 5 Feb 2001 09:51:15 -0800 (PST)
From: Rich Wales
X-Sender: richw@wyattearp.stanford.edu
To: Julian Elischer
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: netgraph router? (was Re: BRIDGE breaks ARP?)
In-Reply-To: <3A7E458E.70FB2BF6@elischer.org>
Message-ID: <20010205172708.36311.richw@wyattearp.stanford.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Julian Elischer wrote:

    > > > try using netgraph bridging instead.

and I replied:

    > > Can't do this until the netgraph code supports ipfirewall
    > > or ipfilter.

to which Julian replied:

    > why can't you use routing? (ipfw only REALLY works with IP
    > packets anyhow..) OR you can do what some people do which
    > is make a netgraph 'router' where appletalk and other NON-IP
    > packets are bridged and IP packets are routed.

Could you explain this in more detail -- possibly directing me to an
example?

My requirements are:

==> I need to protect my main desktop machine behind a firewall
    (which is why I'm running IPFIREWALL on my bridge).
==> My main desktop machine needs to have its own, "public" IP
    address (my work requires me to use some Kerberized security
    services that won't survive NAT-munging through a router).
==> I have DSL with multiple static IP addresses at home (work
    perk), but my static block of addresses isn't big enough for
    me to be able to split it further into mini-subnets for
    routing purposes, which is why I want to run a bridge rather
    than a conventional router.
==> I don't need my firewall to pass any kind of non-IP packets,
    other than ARP.

Rich Wales    richw@webcom.com    http://www.webcom.com/richw/