On Tue, 18 Jul 2000, David Brownlee wrote:

[snip]

> > (BTW, if I had a choice between bridging, or using NAT, I'd choose to 
> > bridge every time. There are just too many odd protocols not supported by 
> > IPFilter (or most any other NAT implementation). For example H.323, RTSP, 
> > xdmcp.)
> > 
> 	If you are running xdmcp then you probably are not in an
> 	environment that needs a secure filtering box (you might need
> 	one at your border, but then you probably are not running xdmcp
> 	across there).

Not to mention that a bridge can't really do NAT... if it did, it'd
need at least one IP to NAT everything behind, at which point it becomes
an IP firewall/router...

> > (Yes, this message is being posted from a machine behind a 1:N IPFilter 
> > NAT. Sometimes you can't get everything you want ;-)
> 
> 	Sometimes you want to exercise a little more control than you can
> 	get with a bridge.

Yep.  IP firewall is one tool, bridging firewall is another.  What a
wonderful toolbox ;-)

> 	That is not to say that it wouldn't be excellent if someone
> 	pulled in OpenBSD's bridging support.. :)

Who might be prompted [with promises of food, longevity, general hugs and
kisses] to do such a thing?  I'd do it, but I know that 1) I'd never get
around to it (slacker), and 2) it'd take me 5x longer than someone who
knows the code and the flow.

I'd say that adding bridging code would round off NetBSD's networking
functionality nicely.  I think bridging is the only major networking piece
that NetBSD does not yet have (be nice - I'm not trolling...)

-Jon
 --------------------------------------------------------------------
 "Hey - this old machine screams like a snail on acid!" - (a true
  comment by a fellow who recently installed NetBSD on an old server)