Transparent FW: PF+bridging mode
Jordi Espasa Clofent
jordi.espasa at opengea.org
Sun Nov 25 02:28:21 PST 2007
Hi all,
I'm planning to build a transparent FW using PF+bridging mode; the
network architecture will be:
[Internet] <-> ( xl0 ) <bridge> ( xl2 ) <-> ( switches ) <-> ( clients with /23 public IPs )
I've read a lot on this list and in other places about some problems with
bridging mode and PF, but I don't understand exactly where the
problem is. Maybe it's an old problem solved at the present moment, because
these posts were in 2004/2005 and related to 5.x:
http://lists.freebsd.org/mailman/htdig/freebsd-pf/2005-August/001369.html
http://lists.freebsd.org/mailman/htdig/freebsd-pf/2005-January/000745.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-November/001697.html
My questions are:
Is it possible to build the architecture described above with _ALL_ pf features
available?
Can the FW (pf) inspect and act on the packets which pass through the
bridge with clients as final destination?
Are there differences related to this problem in using the 6.x or 7.x branches?
--
Thanks
Jordi Espasa Clofent