On Tue, 14 Dec 2004 16:37:47 -0800, Bruce A. Mah <bmah at acm dot org> wrote:
>
> No, it was done that way because that's how I knew how to make it work.
> As m0n0wall stands right now, both the LAN and WAN ports need to have IP
> addresses assigned to them (for various reasons), and the "other side of
> the bridge" port needs to be unnumbered. Thus the requirement for three
> interfaces. If you can figure out how to remove at least one of these
> requirements, you'll be on your way.
>

Ah, yeah, didn't think about that. I assumed that because Manuel tends to not let people shoot themselves in the foot too much. :)

>
> PS. One thing I thought of was: On a machine with two network
> interfaces, configure a VLAN on one of the interfaces and use that for a
> LAN port; this would allow you to do a filtering bridge setup with only
> two physical interfaces. I believe I suggested this before, but
> apparently nobody has investigated to see if this works or not.
>

Thanks for the tip, I'll give that a shot when I get a chance. This isn't really a big deal except in circumstances where you can't have more than 2 NICs. Like recently we had some Soekris 4511's lying around and wanted to put in a filtering bridge at a colo with one, and couldn't for that reason. Most of the time NICs are too cheap to worry about something like that.

-Chris