Seems you can transparently define your external router IP (ISP router) sitting on the other side of your bridge/firewall as default gateway for all the protected machines. The bridge takes care of providing you with the ARP response for the router's MAC.

===========================================================
= Evgeny Popov ===================== [EMAIL PROTECTED] =
= Water Management SCADA Centers Developer =
= NT & Unix System Administrator =
= ELECTRICAL & MECHANICAL SERVICES =
= SUBSIDIARY OF MEKOROT WATER CO.LTD =

> -----Original Message-----
> From: Alex Shnitman [SMTP:[EMAIL PROTECTED]]
> Sent: Wed 29 November 2000 13:44
> To: Linux-IL mailing list
> Subject: Re: A better Linux based firewall installation?
>
> Hi, Gilad!
>
> On Wed, Nov 29, 2000 at 12:50:32PM +0200, you wrote the following:
>
> > The second is to NOT configure your firewall as a router, but rather as
> > a layer 2 bridge with IP firewalling rules(*2) and not give it an IP at
> > all (bridges don't need to have an IP to function). Not having an IP
> > makes overtaking the machine, hm... difficult ;-)
>
> If the machine doesn't have an IP address, what default route do you
> set up on the other machines on the network so that they can go out?
>
> --
> Alex Shnitman | http://www.debian.org
> [EMAIL PROTECTED], [EMAIL PROTECTED] +-----------------------
> http://alexsh.hectic.net UIN 188956 PGP key on web page
> E1 F2 7B 6C A0 31 80 28 63 B8 02 BA 65 C7 8B BA
>
> I drive way too fast to worry about cholesterol.
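
The setup discussed in this thread, sketched for a current Linux system with iproute2 and nftables; this is an added example, not part of the original messages. The interface names eth0/eth1, the bridge name br0, the table name fw and the 192.0.2.1 gateway are assumptions. The script only prints the commands unless APPLY=1 is set and it is run as root.

```shell
#!/bin/sh
# Added example: IP-less bridging firewall with iproute2 + nftables.
# Assumed names: eth0 = ISP-router side, eth1 = protected LAN, br0, table "fw".
OUT_IF="${OUT_IF:-eth0}"; IN_IF="${IN_IF:-eth1}"; BR="${BR:-br0}"

# Print each command unless APPLY=1 (then execute it; needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_bridge_fw() {
    # Layer 2 bridge joining both segments.
    run ip link add name "$BR" type bridge
    for port in "$OUT_IF" "$IN_IF"; do
        run ip addr flush dev "$port"          # ports carry no IP either
        run ip link set dev "$port" master "$BR"
        run ip link set dev "$port" up
    done
    # The bridge never gets an address: nothing is assigned to it, and IPv6
    # autoconfiguration is disabled so it does not pick up a link-local one.
    run sysctl -w "net.ipv6.conf.$BR.disable_ipv6=1"
    run ip link set dev "$BR" up

    # Filter frames crossing the bridge; default is drop.
    run nft add table bridge fw
    run nft add chain bridge fw forward \
        '{ type filter hook forward priority 0 ; policy drop ; }'
    # ARP must pass: this is how inside hosts learn the router's MAC.
    run nft add rule bridge fw forward ether type arp accept
    # Replies to existing flows (bridge conntrack, assumes kernel 5.3+).
    run nft add rule bridge fw forward ct state established,related accept
    # New IPv4 traffic only when it enters from the protected side.
    run nft add rule bridge fw forward iifname "$IN_IF" ether type ip accept
}

# On each protected host the default gateway is simply the ISP router,
# e.g. (192.0.2.1 is a placeholder): ip route replace default via 192.0.2.1
setup_bridge_fw
```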