From owner-freebsd-isp  Wed Sep 30 20:41:42 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA00880
          for freebsd-isp-outgoing; Wed, 30 Sep 1998 20:41:42 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA00867
          for <freebsd-isp@FreeBSD.ORG>; Wed, 30 Sep 1998 20:41:37 -0700 (PDT)
          (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
	by peak.mountin.net (8.9.1/8.9.1) id WAA21465;
	Wed, 30 Sep 1998 22:41:33 -0500 (CDT)
Received: from harkol-125.isdn.mke.execpc.com(169.207.64.253) by peak.mountin.net via smap (V1.3)
	id sma021463; Wed Sep 30 22:41:21 1998
Message-Id: <3.0.3.32.19980930223953.007890e4@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Wed, 30 Sep 1998 22:39:53 -0500
To: Archie Cobbs <archie@whistle.com>
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
Subject: Re: IPFW, Dual network cards
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To: <199809301640.JAA26226@bubba.whistle.com>
References: <3612702d.118121810@smtp.shellnet.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 09:40 AM 9/30/98 -0700, Archie Cobbs wrote:
>Steven Fletcher writes:
>> We've been running a combination of IPFW, NATD and IPLTD for some time
>> now - very successfully I might add - at controlling bandwidth and
>> using IP translation for our internal computers.
>> 
>> However we're attempting to make this a little more secure (as
>> changing IP and gateway is a bit easy :>) and would like to know if
>> possible the following:
>> 
>> 1) Will FreeBSD (3.0-19980804-SNAP) allow us to physically separate
>> the network by placing 2 network cards in the machine and connecting
>> one to each of our switches? Do I need anything such as routed to be
>> running?
>
>Are you talking about bridging or routing? If the former, yes but
>with some work (ie, kernel patches). If the latter, just edit rc.conf
>to enable IP forwarding and set up your routes. You don't need routed.

Could you clarify what you mean by "IP forwarding" in rc.conf, which is a bit unclear.  Don't gateway_enable=YES and natd (et all) handle this?

I've found routed next to useless.

>> 2) If so, can this network setup route other protocols - i.e Windows
>> NetBEUI traffic or IPX setup? (I'm really looking for a 'no' answer
>> here - if yes can it be stopped?)
>
>FreeBSD doesn't do that stuff.. it has some vestigial code in the
>kernel but nobody uses it and it's disabled by default.

But doesn't stop NetBEUI over TCP/IP, does it?  This aspect, among others, is rather annoying in dealing with Windoze, as I pointed out privately.


Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message