Re: Bridging again

[Bill Hacker <wbh@xxxxxxxxxxxxx>]

Gergo Szakal wrote:

*snip*
> > WBH said:

> > i.e. - what is the intended service?
>
>
> The intention is to transparently filter the traffic of a given 
> department. I know it is appropriate, since our old bridge has been 
> runnning for 17 months now. :-)
> Sidenote: The IPs are public, no proxying, and there may be some traffic 
> queuing (has already been tested with OpenBSD, and it worked).
> (Let me tell the network topology: there are 4 departments sharing the 
> same class C ( == /24) range of public IPs. The infrastructure in the HQ 
> is quite old thus they are unable to mask the subnet into four /26 
> ranges. I have built a bridge for each department. Now one of them got a 
> new machine, and this is a great occasion for me to try DF in a 
> production environment, and I am also sick & tired of OpenBSD.)

OK.  I have a *BSD bastion/air-gap/remote-service-access/local backup box on one 
client site for that.

I hate to think of replacing the old beast, as finding a MB that can hold 6 NICs 
is no longer cheap.  Some of us place greater trust in cable-plant isolation 
than mere subnets...

OTOH, there are only 4 WinBoxen left there, and I can set up each of the 
Mac(BSD) firewalls remotely by ssh'ing in thru the *BSD box, so the need is 
going away with the WinTels...

;-)

Bill