Matthew Palmer wrote:
>
> You need ebtables to manage bridge filtering, if I'm not mistaken.
>
Only if you want to do link layer filtering. iptables works fine on a
bridge.
You can use pretty much any iptables script if you modify it to leave
out the NAT rules and in the FORWARD chain replace -
Christian Storch wrote:
On Sa, 16.10.2004, 13:39, Benjamin Goedeke wrote:
...
ethernet address, namely the one of the upstream router.) So it seems
arp resolution occurs even though the packets are being dropped. That's
why I thought the bridge before the firewall could be a good idea. But
I
Henrique de Moraes Holschuh wrote:
Well, I have seen ARP overflows on very big flat networks (e.g.
172.16.0.0/16) for example. Is any of yours that big? Otherwise, why would
the firewall be trying to resolve so many ARP addresses, instead of
forwarding the packets to its default gateway, or rejec
On Thu, 2003-10-30 at 08:53, Norbert Preining wrote:
> Our bridged/fw was running 160 day with code from there. Now I have
> installed a new kernel (2.4.22) with the current ebtables code
> (ebtables.sf.net) which can do even more, although I don't need it. But
> ebtables is the code in 2.6 and ac
On Thu, 2003-10-30 at 08:53, Norbert Preining wrote:
> Our bridged/fw was running 160 day with code from there. Now I have
> installed a new kernel (2.4.22) with the current ebtables code
> (ebtables.sf.net) which can do even more, although I don't need it. But
> ebtables is the code in 2.6 and ac
Hello everyone,
I administer a LAN that will soon be moved from private to public IP
space. The LAN is inside a university network and as such in a rather
hostile environment.
At the moment there is a firewall with a public IP doing all the
filtering and a NAT/router box behind this. Now I'm thin
Hello everyone,
I administer a LAN that will soon be moved from private to public IP
space. The LAN is inside a university network and as such in a rather
hostile environment.
At the moment there is a firewall with a public IP doing all the
filtering and a NAT/router box behind this. Now I'm thin
7 matches
Mail list logo
