Re: status of bridge code

Tue, 19 Jun 2001 08:07:17 -0700 

Hi,

Is there any documentation (or better, a HOWTO) on how to get firewall 
functionality with netgraph bridging?  I have DSL and 8 addresses and
I like the front machine to act as the firewall.  I have this with 
the old bridge and ipfw but as has been said before, it has problems.

Thanks,
Boyd

On Wed, Jan 24, 2001 at 02:03:40PM -0800, Julian Elischer wrote:
> "Thomas T. Veldhouse" wrote:
> > 
> > > Have a look at what you can do with netgraph first.
> > >
> > > Most people don't know what it is but it allows almost arbitrarily
> > > complicated network topologies to be set up from the command line.
> > >
> > >
> > 
> > Is there any reasonable documentation or a HOWTO on the usage of netgraph?
> > I am currently using the standard bridging code and IPFIREWALL (ipfw) with
> > my dc cards.  No problems so far - as long as I don't use DUMMYNET with it.
> > I really wish I could use DUMMYNET as I need to put bandwidth limits on a
> > few of the computers on my network.
> 
>  /usr/share/examples/netgraph
> man 4 netgraph
> man 4 ng_bridge
> (etc.)
> also a daemon-news article on how it works.
> 
> 
> Rate limitting is one thing that isn't there yet. If we pulled our fingers out,
> I guess we would have ripped the dummynet rate limmiter out of where it is
> and placed it into a netgraph node where it would be generally useful
> instead of being hardcoded into one (sometimes useful) localtion in the 
> netoworking stacks.
> 
> there is a rate limitter based on netgraph available from:
> http://www.riss-telecom.ru/~vitaly/
> 
> but I have not tried it.
> 
> I need to look at it again as I believe it has improved and 
> may be generally useful.
> When I looked at it last it was a bit alpha.
> It probably needs rewriting for the new netgraph API in -current.
> 
> 
> 
> 
> >  
> > Tom Veldhouse
> > [EMAIL PROTECTED]
> 
> -- 
>       __--_|\  Julian Elischer
>      /       \ [EMAIL PROTECTED]
>     (   OZ    ) World tour 2000
> ---> X_.---._/  from Perth, presently in:  Budapest
>             v
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-current" in the body of the message
-- 

        Boyd Faulkner            "The Gods don't drag people,  The Gods
   [EMAIL PROTECTED]        sucker punch them until the poor fools
http://asgard.hos.net/~faulkner   pay attention and do it for themselves." 
           1011101                            - Soror Sia

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to