Re: snorting bridges? [ Was: Re: iptables with a linux bridge ]

2001-12-05 Thread wes schreiner
martin f krafft wrote: > > * Rens Houben <[EMAIL PROTECTED]> [2001.12.03 13:02:50+0100]: > > Anyways, I've been following this thread and wondering: Is there any > > reason why snort would or would not work with a bridge? > > snort is a tool that primarily assesses ip, tcp, and application level

Re: snorting bridges? [ Was: Re: iptables with a linux bridge ]

2001-12-04 Thread martin f krafft
* Rens Houben <[EMAIL PROTECTED]> [2001.12.03 13:02:50+0100]: > Anyways, I've been following this thread and wondering: Is there any > reason why snort would or would not work with a bridge? snort is a tool that primarily assesses ip, tcp, and application level protocols. if you run it on a bridge

Re: iptables with a linux bridge

2001-12-04 Thread martin f krafft
* Wichert Akkerman <[EMAIL PROTECTED]> [2001.12.03 00:57:48+0100]: > It filters based on packet content that just happens to be IP > information. Just like the u32 filter, except the syntax is easier. > It still bridges. i guess you are right. my only problem is that a bridge does MAC/SNAP and is

snorting bridges? [ Was: Re: iptables with a linux bridge ]

2001-12-03 Thread Rens Houben
On Sun, 2001-12-02 at 23:05, martin f krafft wrote: > because it's filtering based on the IP information. brides speak no > IP. They do if you marry a girl who knows her networking. *Ducks* Anyways, I've been following this thread and wondering: Is there any reason why snort would or would not w

Re: iptables with a linux bridge

2001-12-02 Thread Wichert Akkerman
Previously martin f krafft wrote: > because it's filtering based on the IP information. brides speak no > IP. It filters based on packet content that just happens to be IP information. Just like the u32 filter, except the syntax is easier. It still bridges. Wichert.

Re: iptables with a linux bridge

2001-12-02 Thread martin f krafft
* Wichert Akkerman <[EMAIL PROTECTED]> [2001.12.02 22:30:02+0100]: > Why is a filtering bridge no longer a bridge? It does not route, it > does not change packets, it just selectively does not pass some on. > A broken bridge maybe from a strict standpoint, but still a bridge. because it's filterin

Re: iptables with a linux bridge

2001-12-02 Thread Wichert Akkerman
Previously martin f krafft wrote: > oh my, everyone is misunderstanding my non-important, trivial point. i > am not doubting that linux bridging and netfilter do interface, i am > merely saying that such a fusion is not a bridge anymore. Why is a filtering bridge no longer a bridge? It does not ro

Re: iptables with a linux bridge

2001-12-02 Thread martin f krafft
* Wichert Akkerman <[EMAIL PROTECTED]> [2001.12.02 12:59:38+0100]: > Wrong :). Someone (forgot his name unfortunately) already implemented > this. If you ask on the netfilter list they should be able to point > you to the right patch. oh my, everyone is misunderstanding my non-important, trivial p

Re: iptables with a linux bridge

2001-12-02 Thread Wichert Akkerman
Previously martin f krafft wrote: > okay, this is an interesting point. however, all i was saying is that > the linux bridging project is committing suicide (as the bridging > project) as soon as they interface with netfilter or anything else > that works with IP. Wrong :). Someone (forgot his name

Re: iptables with a linux bridge

2001-11-29 Thread François Bayart
Send me an email and I will give you news. --- François Bayart [EMAIL PROTECTED] +33 1 49 27 98 30 +33 6 87 84 18 82 - Original Message - From: "martin f krafft" <[EMAIL PROTECTED]> To: "Attila Nagy" <[EMAIL PROTECTED]> Cc: Sent: Thursday, November 29, 2001 3:45 PM Subject: Re: iptables with a linux bridge

Re: iptables with a linux bridge

2001-11-29 Thread martin f krafft
* Attila Nagy <[EMAIL PROTECTED]> [2001.11.29 14:30:56+0100]: > > a firewall needs to have IP routing capabilities to be able to enforce > > rules (same for a packet filter), > ? > A proxy firewall doesn't need to have IP routing capabilities (eg. > forwarding packet between interfaces). And a prox

Re: iptables with a linux bridge

2001-11-29 Thread Attila Nagy
Hello, > One point you are missing is that it is possible using this kind of > configuration to create a firewall where you cannot address any of > its external interfaces. So how can you do an intrusion attack on a > firewall that you cannot address? In theory it is possible. If you can use the

Re: iptables with a linux bridge

2001-11-29 Thread Attila Nagy
Hello, > a firewall needs to have IP routing capabilities to be able to enforce > rules (same for a packet filter), ? A proxy firewall doesn't need to have IP routing capabilities (e.g. forwarding packets between interfaces). And a proxy firewall is definitely a firewall. (some people don't call p

Re: iptables with a linux bridge

2001-11-29 Thread Mathias Palm
On Wed, 28 Nov 2001, François Bayart wrote: > > Hi, > > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages > > brctl addbr br0 > brctl addif br0 eth0 > brctl addif br0 eth1 > ifconfig eth0 0.0.0.0 > ifconfig eth1 0.0.0.0 > ifconfig br0 62.4.8.2 netmask 255.255.255

Re: iptables with a linux bridge

2001-11-28 Thread Philipp Schulte
Simon Murcott wrote: > One point you are missing is that it is possible using this kind of > configuration to create a firewall where you cannot address any of its > external interfaces. So how can you do an intrusion attack on a firewall > that you cannot address? Another advantage is the tran

Re: iptables with a linux bridge

2001-11-28 Thread John Galt
On Thu, 29 Nov 2001, Simon Murcott wrote: >On Thu, 29 Nov 2001, martin f krafft wrote: > >>okay, so i read the FAQ, they are possible. but they don't make sense. >>in fact, i will argue that as soon as you employ netfilter or >>ipchains on a linux bridge, you don't have a bridge anymore! you won't

Re: iptables with a linux bridge

2001-11-28 Thread Philipp Schulte
Jeremy T. Bouse wrote: > If I'm not mistaken I believe the bridging code runs before > the firewall code so the bridging by-passes the firewall filters > completely... Please if I'm incorrect in this would someone care to > correct me but that is what information I've found through my rese

Re: iptables with a linux bridge

2001-11-28 Thread Philipp Schulte
François Bayart wrote: > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages I just finished testing a setup pretty similar to yours. It's a machine with kernel 2.4.14, patch bridge-nf-0.0.3 and bridge-utils-0.9.3. So far it works great and I am really satisfied. I ba

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
* Simon Murcott <[EMAIL PROTECTED]> [2001.11.29 16:31:12+1300]: > One point you are missing is that it is possible using this kind of > configuration to create a firewall where you cannot address any of its > external interfaces. So how can you do an intrusion attack on a firewall > that you canno

Re: iptables with a linux bridge

2001-11-28 Thread Simon Murcott
On Thu, 29 Nov 2001, martin f krafft wrote: >okay, so i read the FAQ, they are possible. but they don't make sense. >in fact, i will argue that as soon as you employ netfilter or >ipchains on a linux bridge, you don't have a bridge anymore! you won't >have a packet filter or router either, but it'

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
okay, so i read the FAQ, they are possible. but they don't make sense. in fact, i will argue that as soon as you employ netfilter or ipchains on a linux bridge, you don't have a bridge anymore! you won't have a packet filter or router either, but it's not going to be a bridge as it concerns itsel

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
* Jeremy T. Bouse <[EMAIL PROTECTED]> [2001.11.28 09:07:53-0800]: > If I'm not mistaken I believe the bridging code runs before > the firewall code so the bridging by-passes the firewall filters > completely... Please if I'm incorrect in this would someone care to > correct me but that is wh

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
* Giacomo Mulas <[EMAIL PROTECTED]> [2001.11.28 18:11:40+0100]: > > I've installed a linux bridge with 2.4.14 kernel and the > > bridge-utils packages > > I am VERY interested, since I administer a transparent firewall > myself. My firewall uses proxy arp (I implemented it in the old > 2.2.x kerne

Re: iptables with a linux bridge

2001-11-28 Thread François Bayart
For the moment that works correctly just with the bridge rule; I have been using it with the staging servers for 1 week. I have changed the default gateway on the servers behind the bridge: I use the bridge IP as gateway, which stays transparent in the traceroute, and iptables works with the FORWARD rul

Re: iptables with a linux bridge

2001-11-28 Thread jigal
On Wed, 28 Nov 2001, François Bayart wrote: > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages Did you include the netfilter patch ? http://bridge.sourceforge.net/download.html remember to exclude the netfilter debug option. > That correctly works but now I wo

Re: iptables with a linux bridge

2001-11-28 Thread Giacomo Mulas
On Wed, 28 Nov 2001, François Bayart wrote: > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages I am VERY interested, since I administer a transparent firewall myself. My firewall uses proxy arp (I implemented it in the old 2.2.x kernel + ipchains days), but I would l

Re: iptables with a linux bridge

2001-11-28 Thread Jeremy T. Bouse
If I'm not mistaken I believe the bridging code runs before the firewall code so the bridging by-passes the firewall filters completely... Please if I'm incorrect in this would someone care to correct me but that is what information I've found through my research on the subject...

iptables with a linux bridge

2001-11-28 Thread François Bayart
Hi,

I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255

That correctly works but now I would l
