[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bridging question ...



Hi all,
I am currently setting up a sokeris 4501 as a WAP/PPPoE gateway. It is
currently set up and working well, however, I really don't know if it
is set up efficiently.
I have read in OpenBSD's FAQ that one should only filter in on *one*
interface when bridging. In my context I'm trying to explore this and
that's why I am emailing you.
I have a simple set up such as:
      ---------------
     |                     | sis0 --------- Internet
     |    sokeris    |     |                     |      --------------
           |           |        wi0
           | ----------------
  10.0.0.0/24
I believe that the bridge that I have set up on the sokeris is a
heterogeneous bridge and translates between IEEE 802.3 and IEEE
802.11.
Question: In the aforementioned context if I am only meant to filter
on one interface which must it be ? I would assume sis0, however, if I
do that I still seem to need to always explicitly allow connections in
on wi0 also e.g.
$INT_IF="wi0"
$EXT_IF="tun0"
pass in log quick on $INT_IF proto tcp from $INT_IF:network to any
port {6667,80,443,21,20} label "$dstport" flags $SYN_ONLY keep state
pass in log quick on $EXT_IF proto tcp from any port {6667,80,443} to
any label "$dstport" keep state
I'm confused whether or not I'm doing the correct thing. Can anyone
clarify this with me.
Cheers
 - Alex