Subject: Re: bridge config and transparent firewall
From: Jason Garman (jgarmanwedgie.org)
Date: Tue Feb 15 2000 - 22:20:50 CST


On Mon, Feb 14, 2000 at 01:05:13PM -0800, net admin wrote:
> just my .02 worth on this one;
>
> Bridging is problematic and very fussy about what nic you use; sometimes
> you've to use two of the same type nics and some firewall rules i.e.
> forward does not work with kernel bridging or only works in one
> direction. I was really pissed off with kernel bridging in Fbsd and asked
> a lot of questions but no one seems to have mastered this beast we call
> kernel bridging to work as a firewall and support packet forwarding in
> both directions.
>
I can attest to the fact that the kernel bridge and bridging ipfw stuff
*works* -- my current setup looks like this:

                             |---- Windows 95 box
DSL router -- BSD bridge ----|       10.0.0.3
 10.0.0.1      10.0.0.2      |---- Solaris box
                                     10.0.0.4
                                     ....... etc.

Basically I set this up because my router did not have freely available
firewalling capabilities, and subnetting when you have 16 ip addresses is
quite a waste. :) So bridging & ipfw is a godsend in this case.

The only question I have about my current setup is this:

Right now, only one of my interfaces on the BSD box (the one connected to
the DSL router) has an IP address bound to it. The other "internal"
interface has no IP address. For some reason, not sure what causes it,
every so often the MAC address associated with the BSD box's IP address
will change from one of the ethernet cards to another. It's more of an
annoyance than anything, as everything still works. But still, how can I
make it only send stuff so it appears to only come from one MAC address?

enjoy

-- 
Jason Garman                                         http://web.wedgie.org/
Student, University of Maryland                          jgarmanwedgie.org
From fortune(1):                                              Whois: JAG145
  "... Had this been an actual emergency, we would have fled in terror,
   and you would not have been informed."