From owner-freebsd-questions Mon Dec 10 15:22:16 2001 Delivered-To: freebsd-questions@freebsd.org Received: from services.webwarrior.net (overlord-host99.dsl.visi.com [209.98.86.99]) by hub.freebsd.org (Postfix) with ESMTP id C40AB37B405 for ; Mon, 10 Dec 2001 15:22:11 -0800 (PST) Received: from twincat.vladsempire.net (unknown [209.105.45.183]) by services.webwarrior.net (Postfix) with ESMTP id 8C6D6473 for ; Mon, 10 Dec 2001 17:22:20 -0600 (CST) Received: by twincat.vladsempire.net (Postfix, from userid 1001) id 4A4AF3864; Mon, 10 Dec 2001 17:22:11 +0000 (GMT) Date: Mon, 10 Dec 2001 17:22:11 +0000 From: Josh Paetzel To: Chris Appleton Cc: Josh Paetzel , freebsd-questions@FreeBSD.ORG, wmoran@potentialtech.com Subject: Re: make install Message-ID: <20011210172211.O1432@twincat.vladsempire.net> Mail-Followup-To: Chris Appleton , Josh Paetzel , freebsd-questions@FreeBSD.ORG, wmoran@potentialtech.com References: <20011210135754.L1432@twincat.vladsempire.net> <20011210222220.97227.qmail@web14805.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011210222220.97227.qmail@web14805.mail.yahoo.com>; from appleton_chris@yahoo.com on Mon, Dec 10, 2001 at 02:22:20PM -0800 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Thanks to both, you are right! I was treating > /compile/MYKERNEL as a file not another directory. (I > am coming from the 'dark' side if it's not obvious) > > > TCP_RESTRICT_RST is no longer a kernel option. This > > is now controlled > > by a knob in rc.conf. > > > So if I add tcp_restrict_rst="yes", would that qualify > as a 'knob' in rc.conf? Yes. That is exactly right. > > One more: This thing is going to be a filtering > bridge. Please don't convince me to do otherwise - > yet - but do I need to have gateway enabled to make > this work (along with enabling the bridge/ipfw with > net.link cmd's)? Is that the only way packets will > get fwd between adapters? > > Thx again No, bridging doesn't require that gateway_enabled="YES". Everything that comes in one interface goes out the other, and vise versa. Of course for an internet gateway, this means that all of the machines behind it must have public IPs. You might also want to take a look at the IPSTEALTH kernel option... Josh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message