DragonFly users List (threaded) for 2006-09
Re: Bridging again
Gergo Szakal wrote:
i.e. - what is the intended service?
The intention is to transparently filter the traffic of a given
department. I know it is appropriate, since our old bridge has been
running for 17 months now. :-)
Sidenote: The IPs are public, no proxying, and there may be some traffic
queuing (has already been tested with OpenBSD, and it worked).
(Let me tell the network topology: there are 4 departments sharing the
same class C ( == /24) range of public IPs. The infrastructure in the HQ
is quite old thus they are unable to mask the subnet into four /26
ranges. I have built a bridge for each department. Now one of them got a
new machine, and this is a great occasion for me to try DF in a
production environment, and I am also sick & tired of OpenBSD.)
OK. I have a *BSD bastion/air-gap/remote-service-access/local backup box on one
client site for that.
I hate to think of replacing the old beast, as finding a MB that can hold 6 NICs
is no longer cheap. Some of us place greater trust in cable-plant isolation
than mere subnets...
OTOH, there are only 4 WinBoxen left there, and I can set up each of the
Mac(BSD) firewalls remotely by ssh'ing in thru the *BSD box, so the need is
going away with the WinTels...