Hi Everyone,

I decided to take that leap into the great unknown. I just installed a fresh installation of FreeBSD 4.9 Stable. I want the machine to do transparent packet filtering by acting as a bridge with IPFilter enabled. I have two network cards installed. Both are enabled and seem to be fine. Neither has an IP Address assigned to it, I want the machine to be an invisible bridge on the network. NO NAT. I want it to be transparent.

I found a nice tutorial located at:

http://ezine.daemonnews.org/200211/ipfilter-bridge.html

I followed the instructions. They seemed pretty simple and basic, even for someone new to FreeBSD like me. Here is a breakdown of what I did to try and accomplish my goal.

Added the following to my kernel:

options BRIDGE
options IPFILTER

(rebuilt kernel - rebooted)

Added the following lines to /etc/sysctl.conf

sysctl net.link.ether.bridge_cfg=dc0:0,sis0:0
sysctl net.link.ether.bridge_ipf=1
sysctl net.link.ether.bridge=1

(Note: dc0 and sis0 are my 2 network cards)

I then enable IPFilter in /etc/rc.conf by adding the line:

ipfilter_enable="YES"

In my /etc/ipf.rules file I only have the two lines:

pass in all
pass out all

Which should allow all traffic in and out. My network setup is as follows:

Internet Connection -> dc0 (first network card - which should be sending traffic to sis0) sis0 (second network card) -> switch port NOT uplink port. All computers are then plugged into the ports on the switch. So theoretically all outbound/inbound traffic should be going through the BSD box.

If you've read this far (THANKS!), here are my questions:

1) I am wondering if my network setup is correct. Should I be using a crossover cable to connect sis0 to the uplink port instead of having it plugged into a regular port on the switch? That would seem to make more sense, but the tutorial did not mention that. I am not using a crossover cable, and if I set the switch to uplink the uplink port and network card lights do not go on. Could this be my problem? Unfortunately I do not have a crossover cable to test this out, which is why I am asking.

2) I am new to FreeBSD. Could anyone recommend some logs I could check out, or explain how to enable certain logs that may give me clues as to why my setup isn't working?

3) Anyone ever attempt this before and could give me some suggestions? Any advice is appreciated. Alternative setup suggestions, etc... I am a newbie to FreeBSD and have been wanting to learn this stuff for years.

Thanks!
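An added example, not part of the original post or the linked tutorial: a small POSIX sh lint for candidate /etc/sysctl.conf lines, of the kind worth running before rebooting a box whose only job is to bridge and filter. FreeBSD's rc reads /etc/sysctl.conf as one `name=value` per line (blanks and `#` comments allowed); the word `sysctl` belongs only at an interactive prompt, so a line copied from the shell with that prefix is silently a format error rather than a setting. The interface names dc0 and sis0 are taken from the post; the two sample files are constructed here for the demonstration.

```sh
#!/bin/sh
# Added example (not the poster's or the tutorial's code): lint candidate
# /etc/sysctl.conf contents for a BRIDGE + IPFILTER box.
#   - check_sysctl_conf FILE   prints each malformed line, returns 0 if none
#   - bridge_cfg_ifaces FILE   prints how many "ifname:cluster" entries the
#                              net.link.ether.bridge_cfg value carries
# Interface names dc0/sis0 come from the post; the sample files are constructed.

check_sysctl_conf() {
    file=$1
    bad=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Blank lines and comments are fine.
        case "$line" in
            ''|\#*) continue ;;
        esac
        # A line pasted from the prompt: "sysctl name=value". Not valid in the file.
        case "$line" in
            sysctl[[:space:]]*)
                printf 'line %d: drop the leading "sysctl": %s\n' "$lineno" "$line"
                bad=1
                continue ;;
        esac
        # Everything else must be name=value, name being a dotted MIB path.
        if ! printf '%s\n' "$line" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.]*=.+$'; then
            printf 'line %d: not name=value: %s\n' "$lineno" "$line"
            bad=1
        fi
    done <"$file"
    [ "$bad" -eq 0 ]
}

bridge_cfg_ifaces() {
    # Value looks like "dc0:0,sis0:0": comma-separated ifname:cluster pairs.
    val=$(sed -n 's/^net\.link\.ether\.bridge_cfg=//p' "$1" | head -n 1)
    if [ -z "$val" ]; then
        echo 0
        return
    fi
    count=$(printf '%s\n' "$val" | tr ',' '\n' | grep -c '^[a-z][a-z0-9]*:[0-9][0-9]*$') || true
    echo "$count"
}

# Constructed sample 1: the three lines exactly as a shell prompt would take them.
AS_POSTED=$(mktemp)
cat >"$AS_POSTED" <<'EOF'
sysctl net.link.ether.bridge_cfg=dc0:0,sis0:0
sysctl net.link.ether.bridge_ipf=1
sysctl net.link.ether.bridge=1
EOF

# Constructed sample 2: the same settings in the form /etc/sysctl.conf expects.
CORRECTED=$(mktemp)
cat >"$CORRECTED" <<'EOF'
# bridge dc0 and sis0 in cluster 0, and hand bridged frames to ipf
net.link.ether.bridge_cfg=dc0:0,sis0:0
net.link.ether.bridge_ipf=1
net.link.ether.bridge=1
EOF

for f in "$AS_POSTED" "$CORRECTED"; do
    if check_sysctl_conf "$f"; then
        echo "$f: ok, bridging $(bridge_cfg_ifaces "$f") interface(s)"
    else
        echo "$f: fix the lines above before rebooting"
    fi
done
```

Run it against a copy of the real /etc/sysctl.conf by calling `check_sysctl_conf /etc/sysctl.conf` from the shell after sourcing the script; the second function is a quick way to confirm that both bridge members made it into the bridge_cfg value and that the cluster numbers parse, which is the setting the kernel actually uses to decide which interfaces it bridges.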