DaemonForums  

#1
29th January 2009
northwoods
Transparent bridge performance with PF

I'm in the process of setting up a transparent bridge using PF but am having some problems determining which of the two bridged interfaces the filtering should occur on. The box has a total of three interfaces, one dedicated for management with the other two passing traffic through for users. Performance-wise, the interfaces are gig-connected Intel NICs serving a couple hundred users, but we wanted to implement some filtering to allow through only http, https, etc. for guests, and while it does work in its current state I'm wondering if the inside interface was the best choice for the filtering to be conducted or if it would be better to be filtering on the external interface.

Ideas?
#2
29th January 2009
DutchDaemon

I tend to filter on the interface closest to the users ('LAN side', so to speak) or on the bridge interface itself (for those who can't get off the fence ..). Filtering on the external interface ('WAN' side) is used for keeping the rest of the world out. That way, the bridge has a nice wall around all sides, with not much going on inside.

On a router it depends on whether there are services running on the router itself which the users may need (DNS, mail, DHCP, etc.).
#3
30th January 2009
northwoods

All services are to be passed through to users from the outside, nothing running on the box outside of the filtering.
#4
30th January 2009
DutchDaemon

Then I'd say: filter on the interface closest to where traffic originates from. So filter outbound LAN traffic on the LAN side, and inbound external traffic on the WAN side.
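The advice in post #4, sketched as a pf.conf for the three-interface bridge described in post #1. This is an added example, not part of the original thread and not either poster's configuration; the interface names, the DNS rule and the if_bridge(4) sysctl settings in the comments are assumptions.

```conf
# Added example, constructed for illustration; not from the thread.
# Assumes if_bridge(4) hands packets to pf on the member interfaces
# rather than on bridge0 itself:
#   sysctl net.link.bridge.pfil_member=1
#   sysctl net.link.bridge.pfil_bridge=0

int_if = "em1"   # assumed name: bridge member closest to the users (LAN side)
ext_if = "em2"   # assumed name: bridge member facing upstream (WAN side)
# Rules for the dedicated management interface are out of scope here.

guest_tcp = "{ http, https }"

set skip on lo0

# LAN side: traffic that originates from the users is filtered where it
# enters the bridge. Everything not explicitly passed is dropped and
# logged, including IPv6, since the pass rules below are inet only.
block in log on $int_if
pass in on $int_if inet proto tcp from any to any port $guest_tcp \
    flags S/SA keep state
# Assumption: guests resolve names through the bridge. Extend this list
# with whatever else the "etc." in post #1 covers (DHCP, for instance).
pass in on $int_if inet proto udp from any to any port domain keep state

# Permitted traffic leaves on the WAN side and creates a second state
# there. pf matches states per direction, so the state made on $int_if
# does not cover the replies arriving on $ext_if; this one does.
pass out on $ext_if inet keep state

# WAN side: traffic that originates from outside is filtered where it
# enters. Only replies matching the state created above get back in.
block in log on $ext_if
```

With both `block in` rules logged, `tcpdump -n -e -ttt -i pflog0` shows which member interface and which rule dropped a packet, which makes it easy to confirm that each direction is being filtered where it enters the bridge.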