Thanks for directing me to that website... lots of relevant information there. Thankfully we are running 2.4 on nearly all boxes now, so everything is already there :-)

----- Original Message -----
From: "Matt Ryan" <[EMAIL PROTECTED]>
To: "Jason Lim" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, February 04, 2002 6:29 PM
Subject: Re: "transparent" firewall possible?

> It's possible, in fact there has been a thread running over the last week or
> so about defining rules for use in this way. The best place to start is
> probably http://bridge.sourceforge.net/ as that has the relevant patches.
>
>
> Matt.
>
> ----- Original Message -----
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, February 04, 2002 10:17 AM
> Subject: "transparent" firewall possible?
>
>
> > Hi,
> >
> > I was wondering about this...
> >
> > Is it possible to have a completely plug-n-play transparent firewall
> > setup? For example, all that would need to be entered into the firewall's
> > setup is the IP(s) that should be recognized, and the ports that should be
> > recognized.
> >
> > The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> > firewall)...
> >
> > All the box does would be to bridge the two NICs, and perform "filtering"
> > in between the bridge.
> >
> > I have something like that running right now (not working properly yet)...
> > I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
> > eth1 (internet), and have iptables to do some filtering on incoming
> > packets on eth1. But does the bridging in the kernel pass the packets
> > directly from eth1 to eth0 before it hits the netfilter code? Or does the
> > netfilter code (and hence iptables) act first, filter the traffic, THEN
> > pass the data from eth1 to eth0?
> >
> > Probably someone has done all this in the past, and in fact I have found a
> > distro that *sounds* like it does this, but it is a weird heavily
> > customized Redhat, and I would prefer to stick with the Debian that we all
> > love.
> >
> > Sincerely,
> > Jason