From: Luigi Rizzo
Message-Id: <199806080257.EAA15255@labinfo.iet.unipi.it>
Subject: Re: Documenting sysctls (was: Re: kernfs/procfs questions...)
To: easmith@beatrice.rutgers.edu (Allen Smith)
Date: Mon, 8 Jun 1998 04:57:17 +0200 (MET DST)
Cc: wollman@khavrinen.lcs.mit.edu, net@FreeBSD.ORG
In-Reply-To: <9806071855.ZM11380@beatrice.rutgers.edu> from "Allen Smith" at Jun 7, 98 06:55:23 pm

> The code from your page doesn't appear to be currently accessible, so
> I can't check it out. The drawbridge stuff is inadequately

fixed the missing link -- try again and thanks for pointing out the
problem (my code is not configurable at all for firewall purposes,
although it is so small and simple that it will be probably easier to
write some C code to filter unwanted packets than learning a filter
configuration language).

> router. Given this, it looks to me more like a L2-filtering bridge
> than a router.

there are some differences which might not be significant in your
application:

* some restriction on IP addresses you can put on either side -- with a
  real bridge you can move machines around without changing anything
  (including IP address), with this setting you have to update the IP
  address of the machine you moved.
* you must fraction your address range and configure the routing daemon
  on the machine acting as a bridge/router to make hosts reachable from
  the outside;
* I am not sure how well this works with non-IP packets (e.g. we have
  some MAC talking ethertalk around);
* nor am I sure how well this works with ethernet _and_ IP multicast and
  broadcast. Things like bootp might not work anymore across your
  gateway.

> While I have considered the load problem - a reason that the machine
> we've gotten for this is a P233, despite that it's only handling 2
> 10-Base-T lines - it isn't nearly as much of a problem as it would be

it's more a bus than a CPU problem. We are running 5 ports on a 386-25
here using my code (of course not at full bw on all interfaces, but it
can keep up with the filtering decently) but just because I don't need
to move all packets to memory.

cheers
luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________