Bridging on NetBSD?

Post by Uh Hu » Wed, 03 Apr 2002 11:47:42



I have an old Mac IIci lying around that I'd like to use as a "stealth
firewall" machine that does bridging (in other words, a packet filtering
bridge).  I know that OpenBSD can do this, but I've been having trouble
getting OpenBSD to work on the machine (installs fine, but reports a MAC
address of 00:00:00:00:00:00 for each of my Ethernet cards!).  So I have put
NetBSD 1.5.2 on the machine (it recognizes the correct MAC address of one of
the two Ethernet cards); but can it do the kind of bridging I'm talking
about?  I've seen conflicting answers to that question in the archives I've
checked.

Bridging on NetBSD?

Post by Ben Harr » Thu, 04 Apr 2002 00:33:53




>I have an old Mac IIci lying around that I'd like to use as a "stealth
>firewall" machine that does bridging (in other words, a packet filtering
>bridge).  I know that OpenBSD can do this, but I've been having trouble
>getting OpenBSD to work on the machine (installs fine, but reports a MAC
>address of 00:00:00:00:00:00 for each of my Ethernet cards!).  So I have put
>NetBSD 1.5.2 on the machine (it recognizes the correct MAC address of one of
>the two Ethernet cards); but can it do the kind of bridging I'm talking
>about?

I believe the answer is currently "no".

--
Ben Harris
Unix Support, University of Cambridge Computing Service.
  If I wanted to speak for the University, I'd be in ucam.comp-serv.announce.


Bridging on NetBSD?

Post by Hendrik Schol » Fri, 05 Apr 2002 19:43:35


Hi!


> I have an old Mac IIci lying around that I'd like to use as a "stealth
> firewall" machine that does bridging (in other words, a packet filtering
> bridge).  I know that OpenBSD can do this, but I've been having trouble
> getting OpenBSD to work on the machine (installs fine, but reports a MAC
> address of 00:00:00:00:00:00 for each of my Ethernet cards!).  So I have put
> NetBSD 1.5.2 on the machine (it recognizes the correct MAC address of one of
> the two Ethernet cards); but can it do the kind of bridging I'm talking
> about?  I've seen conflicting answers to that question in the archives I've
> checked.

ipf can do this bridging.
What you want is normal packet filtering and forwarding without
decrementing the TTL.
If you lower the TTL while processing the packet on your packet filter,
someone could see that there is another host on the way.

Take a look at the ipf FAQ on obfuscation.org/ipf.

Hendrik

--

Apartment 417, 585 La Trobe Str.
Melbourne 3000, Victoria, Australia
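To illustrate Hendrik's point about the TTL, here is an added simulation (example code, not from the thread or from ipf): a traceroute-style probe walks a constructed path of router1 -> fw -> gw, and the filtering box shows up in the hop list only when it decrements the TTL. The hop names, the port-23 drop rule and the topology are all made up for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Probe:
    ttl: int
    dport: int

@dataclass
class Hop:
    name: str
    decrements_ttl: bool                              # routers do; a transparent filter does not
    drop: Optional[Callable[[Probe], bool]] = None    # packet-filter rule, if any

def forward_probe(path: List[Hop], probe: Probe) -> str:
    """Return who answers the probe: a hop name (ICMP time-exceeded),
    'dest' if it reaches the end, or '*' if a filter silently drops it."""
    for hop in path:
        if hop.drop is not None and hop.drop(probe):
            return "*"                 # dropped without a reply: traceroute prints a timeout
        if hop.decrements_ttl:
            probe.ttl -= 1
            if probe.ttl == 0:
                return hop.name        # this hop reveals itself by answering
        # a hop that leaves the TTL alone never becomes the answering hop
    return "dest"

def traceroute(path: List[Hop], dport: int, max_ttl: int = 4) -> List[str]:
    """Probe with TTL 1..max_ttl and collect the answering hop for each."""
    seen = []
    for ttl in range(1, max_ttl + 1):
        who = forward_probe(path, Probe(ttl, dport))
        seen.append(who)
        if who == "dest":
            break
    return seen

def visible_hops(stealth: bool, dport: int) -> List[str]:
    """Constructed topology: edge router, filtering box, destination gateway.
    The filter drops telnet (port 23) and either decrements TTL or not."""
    fw = Hop("fw", decrements_ttl=not stealth, drop=lambda p: p.dport == 23)
    path = [Hop("router1", True), fw, Hop("gw", True)]
    return traceroute(path, dport)

if __name__ == "__main__":
    print("routing firewall, port 80:", visible_hops(stealth=False, dport=80))
    print("stealth firewall, port 80:", visible_hops(stealth=True, dport=80))
    print("stealth firewall, port 23:", visible_hops(stealth=True, dport=23))
```

The stealth case still enforces its policy (port 23 probes vanish) but the box itself never appears as a hop, which is exactly what the TTL remark in the reply is about.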