Date: Tue, 31 Oct 2000 00:10:24 -0800
From: "Crist J . Clark"
To: Some Person
Cc: freebsd-questions@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Transparent Ethernet Bridging with IPFW...
Message-ID: <20001031001024.F75251@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu

On Mon, Oct 30, 2000 at 07:37:19AM +0000, Some Person wrote:
> Sorry if it's a repeat, last msg bounced back for some odd reason.
>
> Quick question. Has anyone done transparent (ipless) bridging in FreeBSD
> with IPFW? If so, the thing I'm wondering about is, what would you put for
> $oip=? 0.0.0.0 or nothing at all?

Are you talking about the variables in the "simple" firewall? That is
a starting point for a routing firewall. You probably want to start
almost from scratch. However, I would think $oip = $iip would be the
best answer.

> Also, like in OpenBSD with IPFilter, doing transparent bridging you had to
> filter in one direction only, pass in on internal/external. Wondering
> if it's the same for IPFW?

  $ man ipfw
  .
  .
  .
     Each incoming or outgoing packet is passed through the ipfw rules.
     If host is acting as a gateway, packets forwarded by the gateway are
     processed by ipfw twice. In case a host is acting as a bridge, packets
     forwarded by the bridge are processed by ipfw once.

-- 
Crist J. Clark                           cjclark@alum.mit.edu