Subject: Re: Transparent Firewall w/ NetBSD
To: David Brownlee <abs@netbsd.org>
From: Jon Lindgren <jlindgren@espus.com>
List: netbsd-help
Date: 07/18/2000 10:11:24
On Tue, 18 Jul 2000, David Brownlee wrote:

[snip]

> > Now, since I have no control over the routes on their network, I can't
> > implement a BSD box which routes and firewalls; this would require
> > the provider to use that box as the gateway for my 10 static IP
> > addresses.  In other words, I'm stuck on a flat topology.
> > 
> 	Not really - you can setup IP aliases on the external interface
> 	of the NetBSD box, and setup appropriate NAT rules to map your
> 	internal addresses to your external ones. It allows you to play
> 	extra games with changing the mappings as and when you want.

Definitely one solution.  I guess I'm trying to point out the differences
of a layer 2 vs. layer 3 solution.  When I can't mess with layer 3 without
going through hurdles, a layer 2 solution is a nice, clean
alternative.  Especially in a larger situation with, say, a class C
subnet.  255 aliases on a single interface!  That'd be something to be
proud of [in an odd sort of way ;-]

> > Solution: a bridging firewall.
> 
> 	One solution - good use of NAT is another one.

Aside from all of this, am I wrong about NetBSD lacking bridging support?

I seem to remember that people talked a bit about it a while ago, but I
haven't tracked -current in a while so I'm not on the bleeding edge.

Take care,

-Jon
 --------------------------------------------------------------------
 "Hey - this old machine screams like a snail on acid!" - (a true
  comment by a fellow who recently installed NetBSD on an old server)
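
The "aliases on the external interface plus NAT" approach David describes, as an added example that is not part of the original thread or anyone's posted configuration: a small POSIX sh script that takes a constructed list of internal/external address pairs, checks that every external address comes from the provider-assigned block and that nothing is mapped twice, and then emits the NetBSD ifconfig alias commands and the matching ipnat bimap rules. The interface name ex0, the 192.0.2.0/24 block and the 10.0.0.x internal hosts are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): generate the per-host IP
# aliases and ipnat "bimap" rules for the layer-3 alternative to a bridge.
# Assumptions for illustration only:
#   EXT_IF   - external interface of the NetBSD box
#   EXT_NET  - the provider-assigned block the aliases must come from
#   MAPPINGS - "internal external" pairs, one per line (constructed sample)

EXT_IF=ex0
EXT_NET=192.0.2.0/24

MAPPINGS='10.0.0.2 192.0.2.2
10.0.0.3 192.0.2.3
10.0.0.4 192.0.2.4'

# in_block ADDR CIDR: succeed if ADDR lies inside the /24 block CIDR.
# Only a /24 is handled here, which covers the class-C case in the thread.
in_block() {
    addr=$1; net=${2%/*}; plen=${2#*/}
    [ "$plen" = 24 ] || { echo "only /24 blocks supported" >&2; return 2; }
    [ "${addr%.*}" = "${net%.*}" ]
}

# validate_mappings: fail on an address used twice (internal or external)
# or on an external address that is not inside EXT_NET.  A duplicate
# external would give two hosts the same alias; an outside address would
# be an alias the provider never routes to us.
validate_mappings() {
    seen=" "
    while read -r int ext; do
        [ -n "$int" ] || continue
        case "$seen" in
            *" $int "*|*" $ext "*)
                echo "duplicate address in mapping $int -> $ext" >&2
                return 1 ;;
        esac
        in_block "$ext" "$EXT_NET" ||
            { echo "$ext is not inside $EXT_NET" >&2; return 1; }
        seen="$seen$int $ext "
    done <<EOF
$MAPPINGS
EOF
}

# gen_rules: print the ifconfig alias commands first, then the ipnat rules.
# "bimap" is ipnat's bidirectional one-to-one mapping: inbound connections
# to the alias reach the internal host, and the host's outbound traffic
# appears to come from that same alias.  Aliases on the same subnet as the
# primary address are added with a host netmask (255.255.255.255).
gen_rules() {
    validate_mappings || return 1
    while read -r int ext; do
        [ -n "$int" ] || continue
        echo "ifconfig $EXT_IF inet $ext netmask 255.255.255.255 alias"
    done <<EOF
$MAPPINGS
EOF
    while read -r int ext; do
        [ -n "$int" ] || continue
        echo "bimap $EXT_IF $int/32 -> $ext/32"
    done <<EOF
$MAPPINGS
EOF
}

# count_aliases: number of alias commands the current MAPPINGS produce.
count_aliases() {
    gen_rules | grep -c '^ifconfig'
}

gen_rules
```

The bimap lines are what would go into /etc/ipnat.conf and be loaded with `ipnat -CF -f /etc/ipnat.conf`; the alias lines are the one-off form of what NetBSD keeps in /etc/ifconfig.ex0. Note that bimap is a strict one-to-one mapping, unlike a `map` rule with portmap, which hides many internal hosts behind one address; the one-to-one form is what makes the layer-3 setup stand in for the flat topology the thread is about.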