Subject: Re: NetBSD as a bridge/firewall
To: None <current-users@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: current-users
Date: 08/11/2002 08:26:26
In article <40130000.1028912908@sludge.psc.edu>,
	Kevin Sullivan <ksulliva@psc.edu> writes:
> I'm setting up a firewall for a small business's DSL line.  They have a /28
> coming out of the DSL modem.  Since there is no place to put a router (and
> they don't want NAT), I'd like to set up a bridge/firewall where a computer
> acts as an ethernet bridge and also filters packets.  Can this be done with
> NetBSD 1.6?

NetBSD can't do filtering on a bridge. The only way to handle this
scenario is using proxy arp. Assuming you get 98.67.45.32/16 from your
provider and the NetBSD machine has two interfaces, "fxp0" and "epic0",
your setup could look like this:

fxp0:	98.67.45.33 netmask 255.255.255.240	connected to DSL modem
epic0:	98.67.45.33 netmask 255.255.255.248	connected to LAN

Now use "arpd" from "pkgsrc/net/arpd" to provide proxy arp for 98.67.45.34
to 98.67.45.38 on "fxp0".

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/
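
Added example, not part of the original message: a small Python check of the addressing plan above. It derives which addresses sit behind the inside interface (and so need proxy ARP answered on the outside interface) and which stay on the modem side. The function name proxy_arp_plan is an assumption made for illustration; the addresses and netmasks are the ones given in the message.

```python
import ipaddress


def proxy_arp_plan(outside_if, inside_if):
    """Return (lan_hosts, outside_hosts) for a proxy-ARP firewall.

    outside_if / inside_if are "address/netmask" strings for the
    interface facing the modem and the interface facing the LAN.
    lan_hosts:     addresses behind the firewall; the firewall must
                   answer ARP for these on the outside interface.
    outside_hosts: addresses that remain on the modem side and are
                   reached directly through the outside interface.
    """
    outer = ipaddress.ip_interface(outside_if)
    inner = ipaddress.ip_interface(inside_if)

    # The inside netmask must be longer, so that the LAN is a strict
    # subset of the provider block; otherwise the kernel cannot tell
    # which interface a given destination lives on.
    if inner.network == outer.network or not inner.network.subnet_of(outer.network):
        raise ValueError("inside network must be a smaller subnet of the outside one")

    own = {outer.ip, inner.ip}  # the firewall's own address(es)
    lan_hosts = [h for h in inner.network.hosts() if h not in own]
    # Addresses of the inside subnet, including its network and
    # broadcast addresses, are not usable on the outside segment.
    outside_hosts = [h for h in outer.network.hosts()
                     if h not in inner.network and h not in own]
    return lan_hosts, outside_hosts


if __name__ == "__main__":
    # Interface settings as given in the message.
    lan, outside = proxy_arp_plan("98.67.45.33/255.255.255.240",
                                  "98.67.45.33/255.255.255.248")
    print("proxy ARP on outside interface for:", lan[0], "to", lan[-1])
    print("left on the modem side:", outside[0], "to", outside[-1])
```

With the values from the message this yields the same proxy ARP range the reply names, and shows that the modem needs an address in the upper half of the block.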