Attachment #15536 for bug #28779

View | Details | Raw Unified | Return to bug 28779
Collapse All | Expand All




    that routers can only route traffic between different subnets.
    Also, subnets can only be made by by cutting an existing space in
    half or defining a new space that is typically unroutable (see
    <ulink url="ftp://nis.nsf.net/internet/documents/rfc/rfc1918.txt">RFC 1918</ulink>).
    This wastes half of the useful addresses (or at least puts
    them on the "wrong" side of the router -- the thing that is
    doing the packet filtering that makes the inside network safe).
    Using a bridge costs some CPU cycles, but makes all of the

${ipfw} add pass tcp from any to mailhost 25 in via ${oif}

# UDP section
# Pass the "quarantine" range.
${ipfw} add pass udp from any to any 49152-65535 in via ${oif}
# Pass DNS.  Only if you have name servers inside.
#${ipfw} add pass udp from any to any 53 in via ${oif}

      the items that were discussed by Luigi Rizzo in his Dummynet lecture at
      FreeBSDcon '99 and by Mark Murray during his Network Security lecture.
      In addition, for quite some time now I have been putting together 
      filtering bridges for friends and colleagues who were getting DSL
      connections for their home.</para>
    </sect1>
</article>

Return to bug 28779

Lines 50-57 Link Here

(-)en_US.ISO8859-1/articles/filtering-bridges/article.sgml (-4 / +4 lines)
50	that routers can only route traffic between different subnets.	50	that routers can only route traffic between different subnets.
51	Also, subnets can only be made by by cutting an existing space in	51	Also, subnets can only be made by by cutting an existing space in
52	half or defining a new space that is typically unroutable (see	52	half or defining a new space that is typically unroutable (see
53	<ulink url="ftp://nis.nsf.net/internet/documents/rfc/rfc1918.txt">RFC 1918</ulink>	53	<ulink url="ftp://nis.nsf.net/internet/documents/rfc/rfc1918.txt">RFC 1918</ulink>).
54	). This wastes half of the useful addresses (or at least puts	54	This wastes half of the useful addresses (or at least puts
55	them on the "wrong" side of the router -- the thing that is	55	them on the "wrong" side of the router -- the thing that is
56	doing the packet filtering that makes the inside network safe).	56	doing the packet filtering that makes the inside network safe).
57	Using a bridge costs some CPU cycles, but makes all of the	57	Using a bridge costs some CPU cycles, but makes all of the
Lines 267-273 Link Here
267	${ipfw} add pass tcp from any to mailhost 25 in via ${oif}	267	${ipfw} add pass tcp from any to mailhost 25 in via ${oif}
268		268
269	# UDP section	269	# UDP section
270	# Pass the "quarantine" range"	270	# Pass the "quarantine" range.
271	${ipfw} add pass udp from any to any 49152-65535 in via ${oif}	271	${ipfw} add pass udp from any to any 49152-65535 in via ${oif}
272	# Pass DNS. Only if you have name servers inside.	272	# Pass DNS. Only if you have name servers inside.
273	#${ipfw} add pass udp from any to any 53 in via ${oif}	273	#${ipfw} add pass udp from any to any 53 in via ${oif}
Lines 349-355 Link Here
349	the items that were discussed by Luigi Rizzo in his Dummynet lecture at	349	the items that were discussed by Luigi Rizzo in his Dummynet lecture at
350	FreeBSDcon '99 and by Mark Murray during his Network Security lecture.	350	FreeBSDcon '99 and by Mark Murray during his Network Security lecture.
351	In addition, for quite some time now I have been putting together	351	In addition, for quite some time now I have been putting together
352	filtering bridges for friends and coleagues who were getting DSL	352	filtering bridges for friends and colleagues who were getting DSL
353	connections for their home.</para>	353	connections for their home.</para>
354	</sect1>	354	</sect1>
355	</article>	355	</article>