You have an interesting idea, but it won't work in my case. I have to put this between a pair of Cisco routers running EIGRP. They won't see each other if the router discovery packets (etc.) aren't forwarded by a bridge. I also can't guarantee that the address of the router on one side won't change -- it is not under my control.
Thanks!!

Jeff

On Wed, Jan 19, 2000 at 08:42:00AM +0100, Onno Ebbinge wrote:
> At 02:08 PM 1/18/00 -0600, Jeff Noxon wrote:
> >Can anything that runs on Linux do reliable network bridging & filtering?
> >I need a transparent filter that I can drop into an existing network.
> >
> >Ipfilter will do the job with Open/NetBSD. It may work on Linux, but
> >requires kernel 2.0.35 and isn't compatible with glibc.
>
> Another guy asked -something like that- before,
> I replied with an answer that worked ;-)
>
> Here is my reply and maybe you can use
> parts of it:
> (You don't want to use this route config ;-)
>
> > This has been a while but here it goes:
> >
> > Please test if the next settings will do the trick.
> > The debian box cannot be reached from the inet or lan,
> > We can do something about the lan connection though...
> >
> > Note: Filtering firewall is WIDE open!
> > Note: There is a route for all IP's because they are
> >       on the same subnet (netmask) but NOT on the
> >       same network device!
> > Note: Your gateway is 63.225.131.78
> >
> > root# ifconfig lo 127.0.0.1
> > root# ifconfig eth0 0.0.0.0 promisc
> > root# ifconfig eth1 0.0.0.0 promisc
> >
> > root# route add 63.225.131.73 eth0
> > root# route add 63.225.131.74 eth0
> > root# route add 63.225.131.75 eth0
> > root# route add 63.225.131.76 eth0
> > root# route add 63.225.131.77 eth0
> > root# route add 63.225.131.78 eth1
> >
> > root# ipchains -P input ACCEPT
> > root# ipchains -P forward ACCEPT
> > root# ipchains -P output ACCEPT
> > root# ipchains -F
> > root# ipchains -X
> >
> > Please send me your results....