From: afleming@fhsu.edu
Date: Wed, 27 Sep 2000 10:12:49 -0500
To: freebsd-questions@FreeBSD.ORG
Subject: IPFW, Bridging, and IPX

I have a FreeBSD 4.1 machine that I am setting up as a Filtering Bridge. I have added the following to my kernel and rebuilt it.

    options BRIDGE
    options IPFIREWALL
    options IPFIREWALL_VERBOSE

I have the bridge working correctly. Currently I have the firewall rules set to open, so any IP traffic goes through. This is working so far, but it was my understanding that a FreeBSD Bridge would only bridge IP, yet when I put a sniffer on the inside of the bridge, I keep seeing IPX broadcasts (as well as AppleTalk broadcasts).

Has the bridge code recently changed? Is there a way I can block everything but IP and ARP traffic? I know ARP's Ethernet protocol number is 2054. Can I use the special UDP rule to block IPX and Apple based on its protocol number?

I know I could subnet the address space and route it, but subnetting a /24 network just because I need to put 4 machines behind a firewall is not worth the trouble. I can't use NAT because I have to use rotatable IPs in these machines, so the best solution I found so far is a filtering bridge.

Thanks for any help anyone can provide.

Andrew Fleming
Fort Hays State University
Computing Center
Phone: (785) 628-4433
E-mail: afleming@fhsu.edu