On Thu, Jun 09, 2005 at 05:34:40PM +0200, TAMONE Francois - System Engineer
wrote:
>
> And what about performance then ?
> Would not this scheme impact double on the kernel in several parts of it ?

the bridge was put up with various hosts from his RFC1918 /24 hanging
off different bridge interfaces.

the router running the bridge exhibited the same network throughput
between external hosts while running the bridge with tag-on-in and a pf
ruleset of ~10-15 lines using only tags (no interfaces) as it did by
changing the same two test hosts to individual /30s each connected to
one of the bridge interfaces (e.g., one /30 between hostA and bridge
ifaceA, other between B and B), downing the bridge and turning off pf.

(the purpose of the bridge in his example is to be a firewall between
his wired and wireless lans, while allowing him to continue to use
the same /24 for any host, as he is accustomed to).

jared
-
[ openbsd 3.7 GENERIC ( may 29 ) // i386 ]