Date: Thu, 10 Aug 2000 21:16:04 -0400 (EDT)
From: Siobhan Patricia Lynch
To: cjclark@alum.mit.edu
Cc: ym g, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Bridging firewall

I do a bridging firewall in front of Slashdot. The bridge can only be a
bridge; the interfaces can answer to addresses, but doing routing on it
is a *bad* idea. For more particulars, email me privately.

-Trish

__

Trish Lynch
FreeBSD - The Power to Serve    trish@bsdunix.net
Rush Networking                 trish@rush.net

On Thu, 10 Aug 2000, Crist J. Clark wrote:

> [Please put in newlines at about 72 columns or so. Each of your
> paragraphs is on one line.]
>
> On Thu, Aug 10, 2000 at 01:43:35AM +0800, ym g wrote:
> > Hi, I am trying to set up a bridging firewall and have some questions.
> >
> > In a bridge, it doesn't seem necessary to configure any IPs for the 2 interfaces. However, I would like to remotely manage my bridging firewall. If so, does the interface attached to the Internet [router] need the same address as the router or just another address from my segment? I think it's the latter but my bridging fundamentals are hazy :-(
>
> Give the machine a unique IP address on your network. It really
> doesn't matter which interface gets the address, but for aesthetic
> reasons, I'd put it on the "outer" interface.
>
> > Would doing so allow me to telnet/ssh into the bridging firewall box or do I need another interface to get in and leave the original 2 interfaces unconfigured?
>
> No, just assign an IP to one interface.
>
> > Also, if I have two different leased lines [different blocks], can I use a 4 port NIC like a D-LINK DFE 570 to set up a single machine as a bridging firewall for both networks [using different rulesets]?
>
> Well, now it sounds like you would need to be doing routing since I
> doubt different lines will be coming in on the same logical
> network. I wouldn't try to do routing and bridging on one box.
> --
> Crist J. Clark                           cjclark@alum.mit.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message