Re: Network bridge on current.

Thu, 28 Sep 2000 08:20:17 -0700 

Alas, net.link.ether.bridge(_ipfw) are no longer settable via sysctl.  That is
my main problem.  I cannot do what the documentation says.  Unfortunately,
I cannot even test what I have until tonight as the machine for the other
side of the bridge has no video.  I stole it, AGP, to replace the PCI
card so I would have room for another network card.

Thanks again,
Boyd

On Thu, Sep 28, 2000 at 10:40:14AM -0400, Bill Fumerola wrote:
> On Thu, Sep 28, 2000 at 12:38:40AM -0700, Julian Elischer wrote:
> 
> > I am not sure about Luigi's bridging code. I know the dummynet stuff
> > seems to connect with the ipfw code but I don't think that the 
> > bridge code does... (I may be wrong) So I don't know how you plan on
> > filtering the bridged segments..
> 
> You are wrong, but we'll forgive you. :->
> 
> from bridge(4):
> 
>          net.link.ether.bridge_ipfw
> 
>      Set to 1 to enable ipfw filtering on bridged packets.  Note that ipfw
>      rules only apply to IP packets.
> 
> from ipfw(8):
> 
>      Each incoming or outgoing packet is passed through the ipfw rules.  If
>      host is acting as a gateway, packets forwarded by the gateway are pro-
>      cessed by ipfw twice.  In case a host is acting as a bridge, packets for-
>      warded by the bridge are processed by ipfw once.
> 
> the 'bridged' keyword can be used to match only bridged packets, so:
> 
>       ipfw add allow tcp from any to any 22 setup bridged
>       ipfw add allow tcp from any 22 to any established bridged
> 
> would allow ssh over a bridge, but in the absence of other rules, wouldn't
> allow it to the actual machine (or if the machine is also a router(?!) it
> wouldn't route ssh sessions either.)
> 
> -- 
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
>                 [EMAIL PROTECTED] / [EMAIL PROTECTED]
> 
> 
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-current" in the body of the message
Boyd

-- 
        Boyd Faulkner               "...but the chocolate at
   [EMAIL PROTECTED]          Rumpelmayer's is great..."
http://asgard.hos.net/~faulkner     -- A. Crowley  Book of Lies 
           1011101



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to