It's possible; in fact, there has been a thread running over the last week or so about defining rules for use in this way. The best place to start is probably http://bridge.sourceforge.net/ as that has the relevant patches.
Matt.

----- Original Message -----
From: "Jason Lim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 04, 2002 10:17 AM
Subject: "transparent" firewall possible?

> Hi,
>
> I was wondering about this...
>
> Is it possible to have a completely plug-n-play transparent firewall
> setup? For example, all that would need to be entered into the firewall's
> setup is the IP(s) that should be recognized, and the ports that should be
> recognized.
>
> The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> firewall)...
>
> All the box does would be to bridge the two NICs, and perform "filtering"
> in between the bridge.
>
> I have something like that running right now (not working properly yet)...
> I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
> eth1 (internet), and have iptables to do some filtering on incoming
> packets on eth1. But does the bridging in the kernel pass the packets
> directly from eth1 to eth0 before it hits the netfilter code? Or does the
> netfilter code (and hence iptables) act first, filter the traffic, THEN
> pass the data from eth1 to eth0?
>
> Probably someone has done all this in the past, and in fact I have found a
> distro that *sounds* like it does this, but it is a weird heavily
> customized Redhat, and I would prefer to stick with the Debian that we all
> love.
>
> Sincerely,
> Jason