From: swear@blarg.net (Gary W. Swearingen)
To: Mike Porter
Cc: freebsd-stable@freebsd.org
Subject: Re: 127/8 continued
Date: 28 Sep 2001 14:20:08 -0700

I'm really feeling guilty for using so much of people's time (including
my own), so I want you to please feel free to ignore this.

You write:

> While this is possible using NAT at the DSL router (most of them support it
> there), as a general rule, any machine that accepts packets from the
> internet, and injects packets to the internet, including a firewall, needs a
> public ("routeable") IP.

As long as I can set my DSL's router to make my firewall the DSL
router's gateway (and I can), I don't see why the firewall needs a
public IP.  What or who needs to have "DST" addressed to my firewall?
It or they should be satisfied talking to my other hosts, no?

> ( I guess FBSD supports transparent bridging with ipfw, but I
> haven't investigated it much)

http://www.FreeBSD.org/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html
shows how to set it up two-legged (but barely introduces the concepts).
Someone warned of possible problems, esp. three-legged, I suppose from
lack of use & bug-reporting.

> There would be no
> way, to use your example, for someone tracerouting your /29, to know that
> a.b.c.2 and a.b.c.4 are on separate subnets.

I'll have to trust you that they can determine that and that I should
care.  Actually that should be "I WILL trust you..." and take the advice
of experts even if I don't understand the reasons.  I'm sure I can live
with the various problems of NAT in configuration and behavior.

> ummm....yeah, I must have meant that <(};  Actually I think I was thinking
> of /30 rather than /31.

Which would give a similar problem as /29.  But don't worry about it.

> The only thing you lose is the DMZ.

Having a DMZ was the only reason I'm messing with any of this.

> > I think you're confusing gatewaying with bridging.
> >
> Yeah, although the terminology is frequently used interchangeably.  That
> doesn't make it right.  The distinction I would draw is between transparent
> bridging (which is what you describe) and "normal" bridging, which is
> probably better referred to as "gateway" or "relay" behaviour.  I think
> gateway or relay behaviour is more what you are after.  Or "switching"
> behavior might be the term.

In my little description of bridging I erred in considering it a cable
insert.  I think the principal purpose of bridges is to limit the
propagation of broadcasts to parts of a many-host network.

I agree with your last comment; I want a filtering switch more than a
filtering bridge (though I'm not sure there's a difference with just two
other hosts).  I wonder if that "filtering bridge" article should
comment on this topic.