 From:  "Bruce A. Mah" <bmah at acm dot org>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  bmah at acm dot org, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] FreeBSD 6.0-based alpha version 1.3a1 available
 Date:  Tue, 22 Nov 2005 12:32:06 -0800
If memory serves me right, Manuel Kasper wrote:

> > One thing I've learned along the way is that the filtering bridge
> > feature that got me involved with m0n0wall in the first place is a
> > lot easier to implement and use with the new if_bridge(4) driver,
> > which was ported from OpenBSD.  For starters, this makes it
> > possible to solve the "can't do NAT and bridging on the same box"
> > problem.  It also integrates with PF (presumably other firewalls
> > too) fairly nicely.
> 
> Yep, it'll be nice when the whole
> Filtering/NAT/Shaping/IPsec/Bridging mess can be untangled a little!

"Untangled" reminded me of the attached message.  It's a good thing that
I didn't see this until well after I had a working filtering bridge,
otherwise I would have run away from the horror of it all.  :-)

Cheers,

Bruce.

PS.  It's for -CURRENT but I think it's applicable to RELENG_6, and
parts even for RELENG_5.

A first attempt can be seen at:
http://www.freebsd.org/~julian/layer2-current.pdf

this is not a call graph, but a diagram of where packets can be passed.

comments from vlan, pfil, CARP, if_bridge developers are welcome.
those new-fangled bits worry me :-)

julian