Date: 28 Sep 2001 14:20:08 -0700
From: swear@blarg.net (Gary W. Swearingen)
To: Mike Porter <mupi@mknet.org>
Cc: freebsd-stable@freebsd.org
Subject: Re: 127/8 continued
Message-ID: <izlmizj9mf.miz@localhost.localdomain>
In-Reply-To: <200109272225.f8RMPLH02946@c1828785-a.saltlk1.ut.home.com>
References: <20010924094048.X5906-100000@coredump.scriptkiddie.org> <200109271411.f8REBNH02164@c1828785-a.saltlk1.ut.home.com> <4cd74ctsac.74c@localhost.localdomain> <200109272225.f8RMPLH02946@c1828785-a.saltlk1.ut.home.com>
I'm really feeling guilty for using so much of people's time (including my own), so I want you to please feel free to ignore this.

You write:

> While this is possible using NAT at the DSL router (most of them support it
> there), as a general rule, any machine that accepts packets from the
> internet, and injects packets to the internet, including a firewall, needs a
> public ("routeable") IP.

As long as I can set my DSL's router to make my firewall the DSL router's gateway (and I can), I don't see why the firewall needs a public IP. What or who needs to have "DST" addressed to my firewall? It or they should be satisfied talking to my other hosts, no?

> ( I guess FBSD supports transparent bridging with ipfw, but I
> haven't investigated it much)

http://www.FreeBSD.org/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html shows how to set it up two-legged (but barely introduces the concepts). Someone warned of possible problems, esp. three-legged, I suppose from lack of use & bug-reporting.

> There would be no
> way, to use your example, for someone tracerouting your /29, to know that
> a.b.c.2 and a.b.c.4 are on separate subnets.

I'll have to trust you that they can determine that and that I should care. Actually that should be "I WILL trust you..." and take the advice of experts even if I don't understand the reasons. I'm sure I can live with the various problems of NAT in configuration and behavior.

> ummm....yeah, I must have meant that <(}; Actually I think I was thinking
> of /30 rather than /31. Which would give a similar problem as /29.

But don't worry about it.

> The only thing you lose is the DMZ.

Having a DMZ was the only reason I'm messing with any of this.

> > I think you're confusing gatewaying with bridging.
>
> Yeah, although the terminology is frequently used interchangeably. That
> doesn't make it right. The distinction I would draw is between transparent
> bridging (which is what you describe) and "normal" bridging, which is
> probably better referred to as "gateway" or "relay" behaviour. I think
> gateway or relay behaviour is more what you are after. Or "switching"
> behavior might be the term.

In my little description of bridging I erred in considering it a cable insert. I think the principal purpose of bridges is to limit the propagation of broadcasts to parts of a many-host network. I agree with your last comment; I want a filtering switch more than a filtering bridge (though I'm not sure there's a difference with just two other hosts). I wonder if that "filtering bridge" article should comment on this topic.