Re: [FW-1] [FW1] FW1 as a bridge
Gabriel,

I can appreciate the information coming from the source at simplegeeks.com, but the truth of the matter is that a bridge is a layer 2 device, with special services and processes that must be run in order to extrapolate layer 3 information necessary for IP packet processing. I think it serves to note that since the world expects the same degree of functionality from Firewall-1 regardless of its host platform, then it is a limitation that not every OS vendor implements bridging code. As you state, the bridging is a function of 3rd party code, and since CheckPoint has not seen fit to reinvent the wheel by writing layer2 passthru code, I think Dan was correct in his analysis.

I think we all can appreciate your depth of knowledge as you have expressed it, but if you are simply looking to bash Firewall-1, then perhaps it is better done on another mailing list other than a Firewall-1 users list.

For the sake of those trying to gain knowledge, and their lack of desire to follow a flame-chain, please direct any hate mail back to me only.

Kindest Regards,
CryptoTech

Gabriel Rocha wrote:

> ,----[ On Thu, Sep 27, at 02:40PM, Dan Hitchcock wrote: ]--------------
> | FW1, unfortunately, does not work in bridge mode. Some appliance-based
> | firewalls support this functionality, but FW1 depends on an IP address being
> | bound to each adapter used for traffic control. This is more a limitation
> | of the underlying operating system than a limitation of FW1.
> `----[ End Quote ]---------------------------
>
> Not trying to be picky here, well, not too picky anyway. FW1, to my
> knowledge, runs on Linux and Solaris (yes other OS's too, but anyone who
> runs it under Win2k is on crack anyhow and HPUX is simply not in style,
> AIX doesn't count) both of which support bridging with other firewalls,
> now, how does that leave room for a limitation of the OS? IPF runs on
> Linux and on Solaris in bridging mode, Linux has iptables and ipchains,
> both of which do bridging packet filtering. Oh just remembered IPSO,
> FW-1 for Nokia (which is just an x86 with a proprietary board so they
> can charge more) IPSO is nothing more than FreeBSD 2.x with some tweaks,
> FreeBSD does bridging just fine. We could at least recognize the
> shortcomings of the software we use, for it certainly is not a
> shortcoming of the OS. (if you use Win2k, YMMV) --Gabe
>
> --
>
> "It's not brave if you're not scared."
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================