Firewall Wizards mailing list archives

Re: Tranparent bridge

From: Paul Robertson <proberts () patriot net>
Date: Thu, 25 Sep 2003 13:07:01 -0400 (EDT)

On Thu, 25 Sep 2003, Paul Robertson wrote:

A non-transparent bridge will modify the MAC address of the 
packets as it bridges them between networks, a transparent bridge will 
forward all the layer 2 traffic unaltered.  The right combination of proxy 
arp and forwarding might technically make a non-transparent bridge (if 
you did all the broadcast/multicast stuff too.)  The main advantage would 
be in having smaller ARP tables at each node.


Just to be complete, if you're not doing proxy ARP, the advantage would be 
in figuring out if a packet came through the bridge.  If a segment had 
multiple bridges in, it would help figure out where a packet came from 
when troubleshooting.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Tranparent bridge Chris Ditri (Sep 23)
- Re: Tranparent bridge Tony Rall (Sep 25)
  - Re: Tranparent bridge Paul Robertson (Sep 25)
    - Re: Tranparent bridge Paul Robertson (Sep 25)
- Re: Tranparent bridge Martin Peikert (Sep 25)
- <Possible follow-ups>
- RE: Tranparent bridge Melson, Paul (Sep 25)