Re: Transparent network bridge+filter?

You have an interesting idea, but it won't work in my case. I have to
put this between a pair of Cisco routers running EIGRP. They won't see
each other if the router discovery packets (etc.) aren't forwarded by
a bridge. I also can't guarantee that the address of the router on one
side won't change -- it is not under my control.

On Wed, Jan 19, 2000 at 08:42:00AM +0100, Onno Ebbinge wrote:
> At 02:08 PM 1/18/00 -0600, Jeff Noxon wrote:
> >Can anything that runs on Linux do reliable network bridging & filtering?
> >I need a transparent filter that I can drop into an existing network.
> >Ipfilter will do the job with Open/NetBSD. It may work on Linux, but
> >requires kernel 2.0.35 and isn't compatible with glibc.
> Another guy asked -something like that- before,
> I replied with an answer that worked ;-)
> Here is my reply and maybe you can use
> parts of it:
> (You don't want to use this route config ;-)
> > This has been a while but here it goes:
> > Please test if the next settings will do the trick.
> > The debian box cannot be reached from the inet or lan,
> > We can do something about the lan connection though...
> > Note: Filtering firewall is WIDE open!
> > Note: There is a route for all IP's because they are
> > on the same subnet (netmask) but NOT on the
> > same network device!
> > Note: Your gateway is 184.108.40.206
> > root# ifconfig lo 127.0.0.1
> > root# ifconfig eth0 0.0.0.0 promisc
> > root# ifconfig eth1 0.0.0.0 promisc
> > root# route add 220.127.116.11 eth0
> > root# route add 18.104.22.168 eth0
> > root# route add 22.214.171.124 eth0
> > root# route add 126.96.36.199 eth0
> > root# route add 188.8.131.52 eth0
> > root# route add 184.108.40.206 eth1
> > root# ipchains -P input ACCEPT
> > root# ipchains -P forward ACCEPT
> > root# ipchains -P output ACCEPT
> > root# ipchains -F
> > root# ipchains -X
> > Please send me your results....
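
Added example, not part of either poster's message: the quoted setup leaves every ipchains policy at ACCEPT ("WIDE open"), so this sketch shows the same flush-and-policy sequence with the forward chain defaulting to DENY and a single service allowed through. The address 192.0.2.10, port 80 and the function names are assumptions; commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: default-deny forwarding on the two-interface box above.
# Constructed placeholder values (not taken from the thread):
INSIDE_HOST="192.0.2.10"   # hypothetical host behind the filter
SERVICE_PORT="80"          # hypothetical service to expose

# Print each ipchains command; execute it only when APPLY=1.
run() {
    echo "ipchains $*"
    if [ "${APPLY:-0}" = "1" ]; then ipchains "$@"; fi
}

forward_rules() {
    # Start from empty chains, as in the quoted message.
    run -F
    run -X
    # Local traffic stays open; forwarded traffic is denied by default.
    run -P input ACCEPT
    run -P output ACCEPT
    run -P forward DENY
    # ipchains is stateless, so each direction needs its own rule.
    # Requests towards the service:
    run -A forward -p tcp -s 0.0.0.0/0 -d "$INSIDE_HOST" "$SERVICE_PORT" -j ACCEPT
    # Replies from the service: "! -y" matches only non-SYN packets,
    # so the host cannot open new connections outwards from that port.
    run -A forward -p tcp ! -y -s "$INSIDE_HOST" "$SERVICE_PORT" -d 0.0.0.0/0 -j ACCEPT
    # Log (-l) whatever else reaches the end of the chain, then drop it.
    run -A forward -l -j DENY
}

forward_rules
```

Review the printed commands first; the final logging rule shows which forwarded traffic the default-deny policy is dropping.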