From owner-freebsd-questions  Sun Sep 23  5:42:40 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from voyager.bxscience.edu (voyager.bxscience.edu [167.206.203.44])
	by hub.freebsd.org (Postfix) with ESMTP id 07B2337B434
	for <questions@FreeBSD.ORG>; Sun, 23 Sep 2001 05:42:33 -0700 (PDT)
Received: from there (szarh@66-65-26-238.nyc.rr.com [66.65.26.238])
	by voyager.bxscience.edu (8.10.0/8.10.0) with SMTP id f8NCjWs37626;
	Sun, 23 Sep 2001 08:45:32 -0400 (EDT)
Message-Id: <200109231245.f8NCjWs37626@voyager.bxscience.edu>
Content-Type: text/plain;
  charset="iso-8859-1"
From: Sunny Dubey <dubeys@bxscience.edu>
Reply-To: dubeys@bxscience.edu
Organization: Bronx Science
To: Ian Morrison <ian@darq.net>
Subject: Re: Bridging Questions
Date: Sun, 23 Sep 2001 08:40:21 -0400
X-Mailer: KMail [version 1.3.1]
References: <200109221558.f8MFwas27934@voyager.bxscience.edu> <20010922190130.A28206@phear.darq.net>
In-Reply-To: <20010922190130.A28206@phear.darq.net>
Cc: questions@FreeBSD.ORG
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Saturday 22 September 2001 02:01 pm, you wrote:

<snip>

> > Additionally, the hand book states that there is an option to allow
> > non-IP packets (like ARP) to flow through the bridge.  Is this something
> > I should concern myself with, or just not bother at all.
>
> It depends exactly on what you're doing.  What exactly are you doing?
> You probably don't need it, would be my guess, but then you might...
>

I plan to be running various servers behind this bridged firewall.  They are 
standard services like httpd, pop+imap+smpt+ssl, sftp, dns, etc.

However my setup is a little odd.  It is as followed ...

Internet/Out side world --> Cisco Router (NAT being done here) --> cisco 
swtich --> bridge --> servers

I'm am still unsure of if I should or shouldn't allow for arp packets.  And 
if I do have to enable the "IPFIREWALL_DEFAULT_TO_ACCEPT" will whatever other 
ipfw rules I use still work??

thank you very much for any info you might enlighten me with 

Sunny Dubey

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message