Adding bridge functionality to a FreeBSD system is not difficult. Since the 4.5 release it has been possible to load this functionality as a module instead of having to rebuild the kernel, which simplifies the procedure a great deal. In the following subsections I will explain both installation methods.
Do not follow both sets of instructions: each procedure excludes the other. Choose the one that best fits your needs and abilities.
Before going on, be sure to have at least two Ethernet cards that support promiscuous mode for both reception and transmission, since they must be able to send Ethernet packets with any address, not just their own. Moreover, for good throughput, the cards should be PCI bus mastering cards. The best choices are still the Intel EtherExpress™ Pro, followed by the 3Com® 3c9xx series. To simplify the firewall configuration it may be useful to have two cards from different manufacturers (using different drivers), so that you can clearly distinguish which interface is connected to the router and which to the inner network.
So you have decided to use the older but well-tested installation method. To begin, add the following lines to your kernel configuration file:
options BRIDGE
options IPFIREWALL
options IPFIREWALL_VERBOSE
The first line compiles in bridge support, the second the firewall, and the third the firewall's logging functions.
Now it is necessary to build and install the new kernel. You may find detailed instructions in the Building and Installing a Custom Kernel section of the FreeBSD Handbook.
If you have chosen to use the new and simpler installation method, the only thing to do now is add the following line to /boot/loader.conf:
bridge_load="YES"
This way, the bridge.ko module will be loaded together with the kernel during system startup. It is not necessary to add a similar line for the ipfw.ko module, since it will be loaded automatically after the steps in the following section have been carried out.
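As an added example (not part of the original article and not FreeBSD's own tooling), the following sh script checks which of the two procedures above a pair of files reflects, and flags the case the article warns against, where both were followed. The function names and the sample file contents are assumptions made for illustration; pass your own kernel configuration file and /boot/loader.conf to bridge_method.

```shell
#!/bin/sh
# Added example, not from the article: report which of the two bridge
# installation methods the given files reflect. Function names are assumptions.

# strip_comments FILE: print FILE with '#' comments removed (nothing if absent).
strip_comments() { [ -f "$1" ] && sed 's/#.*//' "$1"; }

# has_option KERNCONF NAME: true if an uncommented "options NAME" line exists.
has_option() {
    strip_comments "$1" |
        grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)"
}

# has_bridge_load LOADERCONF: true if bridge_load="YES" is set.
has_bridge_load() {
    strip_comments "$1" | grep -Eq '^[[:space:]]*bridge_load="YES"[[:space:]]*$'
}

# bridge_method KERNCONF LOADERCONF: print kernel, module, both, none,
# or "incomplete: missing ..." when only some kernel options are present.
bridge_method() {
    missing=""
    for opt in BRIDGE IPFIREWALL IPFIREWALL_VERBOSE; do
        has_option "$1" "$opt" || missing="$missing $opt"
    done
    if has_bridge_load "$2"; then
        # The article says the two procedures exclude each other.
        if has_option "$1" BRIDGE; then echo "both"; else echo "module"; fi
    elif [ -z "$missing" ]; then
        echo "kernel"
    elif [ "$missing" = " BRIDGE IPFIREWALL IPFIREWALL_VERBOSE" ]; then
        echo "none"
    else
        echo "incomplete: missing$missing"
    fi
}

# Constructed sample files (not real system files) so the example runs offline.
demo_dir=$(mktemp -d)
printf 'options BRIDGE\noptions IPFIREWALL\n#options IPFIREWALL_VERBOSE\n' \
    > "$demo_dir/KERNEL"
printf '#bridge_load="YES"\n' > "$demo_dir/loader.conf"
bridge_method "$demo_dir/KERNEL" "$demo_dir/loader.conf"
# prints: incomplete: missing IPFIREWALL_VERBOSE
```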