On 11/10/14, 2:46 PM, Peter Hessler wrote:
> As I said before.
>
> _This_ _Is_ _Not_ _Possible_.
>
> Period.
>
>
Well....if you're doing bridging on the Linux setup you're trying to
replace, but don't realize it, forget to mention that the Cisco actually
*does* have an address in the /29 the Free/OpenBSD box lives on twice,
and then have a conceptual breakdown between layer 2 and layer 3, you
might end up where the OP is.  At least that's the conclusion I've
tentatively come to given the parallel conversation on
freebsd-questions.  :-)

I think he's trying to do a bump-on-the-wire firewall.

Here's OP's network diagram from freebsd-questions, with one correction
based on a later clarification:



  +-------+
  | Cisco |
  +-----+-+
        |if: 189.92.72.9/29
        |
        |em0: 189.92.72.10/255.255.255.248
      +-+-------+
      | FreeBSD |
      +-+-------+
        |em1: 189.92.72.11/255.255.255.248
        |
        |
  +-----+--+
  | Switch |            +-----------------+
  +--------+            |  MAIL           |
        |---------------+-----------------+
                         bnx0: 189.72.92.12/255.255.255.248


Looks like a stereotypical bump-on-the-wire bridging firewall to me.

Dante:  see http://www.openbsd.org/faq/faq6.html#Bridge   And in OpenBSD
I'd address only one of the interfaces (or none of them if you wish to
increase security by forcing all management to be done from the
console).  And it's not routing.  So don't try to use routes.


--Jon Radel
[email protected]
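
Added example, not part of the original message: a short Python check of the layer 2 / layer 3 point made above. Run over the Cisco and FreeBSD addressing transcribed from the diagram as constructed sample input, it flags a host with two interfaces in the same subnet and then applies the advice to address at most one bridge member. The function names `same_subnet_conflicts` and `bridge_plan` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: (host, interface, address) transcribed from the
# Cisco and FreeBSD entries in the diagram above.
INTERFACES = [
    ("Cisco", "if", "189.92.72.9/29"),
    ("FreeBSD", "em0", "189.92.72.10/255.255.255.248"),
    ("FreeBSD", "em1", "189.92.72.11/255.255.255.248"),
]


def same_subnet_conflicts(interfaces):
    """Return {host: {network: [ifnames]}} for hosts that have more than one
    interface inside the same IP subnet. Such a host cannot route between
    those interfaces; the segments are one layer 2 network."""
    seen = defaultdict(lambda: defaultdict(list))
    for host, ifname, addr in interfaces:
        # ip_interface accepts both /29 and dotted-netmask notation.
        net = ipaddress.ip_interface(addr).network
        seen[host][str(net)].append(ifname)
    conflicts = {}
    for host, nets in seen.items():
        dupes = {net: names for net, names in nets.items() if len(names) > 1}
        if dupes:
            conflicts[host] = dupes
    return conflicts


def bridge_plan(interfaces, host, mgmt_if=None):
    """Addressing for `host` run as a bridge: only `mgmt_if` keeps its
    address; mgmt_if=None leaves every member unnumbered (console-only
    management)."""
    plan = {}
    for h, ifname, addr in interfaces:
        if h == host:
            plan[ifname] = addr if ifname == mgmt_if else None
    return plan


if __name__ == "__main__":
    for host, nets in same_subnet_conflicts(INTERFACES).items():
        for net, names in nets.items():
            print(f"{host}: {', '.join(names)} all sit in {net}; bridge, don't route")
        print("one address:", bridge_plan(INTERFACES, host, mgmt_if="em0"))
        print("no address: ", bridge_plan(INTERFACES, host))
```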
