Re: Bridges
From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 09/29/05
- Previous message: Yar Tikhiy: "Re: Bridges"
- In reply to: Yar Tikhiy: "Re: Bridges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 29 Sep 2005 11:08:18 +0200 To: Yar Tikhiy <yar@comp.chem.msu.su>
Hi Yar,
> Couldn't you bridge across the parent, or trunk, physical interfaces
> carrying tagged VLAN traffic then? (Of course, hardware support for
> VLAN should be turned off on them in that case.)
Since neither ipfw nor pf can filter on VLAN tag at layer 2, this
could be pretty useful to be able to bridge vlan(4) interfaces together.
For administrative reasons, you may not want to have all the VLANs
living onto a physical network being seen to the other side of the
bridge.
I also know another situation where this can be useful. Once I've been
asked to build a single firewall for a whole rack of servers. These
servers where remotely administrated by customers and therefore we
had no security control over them. Thus we wanted the firewall to
protect the servers from the Internet but also from others round servers,
that may have been defaced. For other reasons, we needed a bridge and
no NAT was possible. The idea was to give each server its own VLAN,
and the firewall bridged them together.
I set up this firewall with Linux, I would be glad to be able to do
so with FreeBSD.
Regards,
-- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _______________________________________________ freebsd-arch@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-arch To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
- Previous message: Yar Tikhiy: "Re: Bridges"
- In reply to: Yar Tikhiy: "Re: Bridges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
