From owner-freebsd-questions Mon May 18 14:36:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA09989 for freebsd-questions-outgoing; Mon, 18 May 1998 14:36:29 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA09853 for ; Mon, 18 May 1998 14:35:42 -0700 (PDT) (envelope-from dwhite@gdi.uoregon.edu) Received: from localhost (dwhite@localhost) by gdi.uoregon.edu (8.8.8/8.8.8) with SMTP id OAA10107; Mon, 18 May 1998 14:35:19 -0700 (PDT) (envelope-from dwhite@gdi.uoregon.edu) Date: Mon, 18 May 1998 14:35:19 -0700 (PDT) From: Doug White Reply-To: Doug White To: MIKE JENKINS cc: freebsd-questions@FreeBSD.ORG Subject: Re: Stealth Firewall In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 15 May 1998, MIKE JENKINS wrote: > Is it possible to slip a FreeBSD box between a router and a LAN > to provide IP filtering and not change any IP addresses/netmasks? > In other words, change this: > > (Internet) ----- |Router| -----LAN----- > 200.1.2.0/24 > > to this: > > (Internet) ----- |Router| -----LAN----- |FreeBSD| -----LAN----- > 200.1.2.0/24 200.1.2.0/24 > > FreeBSD will have to either bridge or do proxyarp to help hosts on either > side reach hosts on the other side. No, it'll have to bridge, which it doesn't. FreeBSD don't let you do this anyway, since you'll have two MACs on the same "net" and the routing Just Won't Work. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message