[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Newbie, someone have how-to on from-scratch Debian firewall?

On Mon, Nov 06, 2000 at 09:32:19PM -0800, IML-debian-firewall wrote:
> Brian,
> I assume by "transparent" you mean without normal IP routing and without
> consumption of (two) IP addresse(s).
> This part I do know a little about.  Proxy-ARP has been used with success by
> some users who run LRP ( http://www.linuxrouter.org/ ) ... and there is also
> a driver that allows the firewall interfaces to work in bridging mode.... so
> there are two solutions I know of.
> As an aside, a lot of research I have done says that OpenBSD is a nearly
> perfect platform for transparent... lots of people have been using it this
> way for years when it seems that Linux is just getting into the game.

Yes, this is what I meant by transparent filtering, it's interesting because
it pretty much eliminates any attack to 'own' the firewall, without an ip
address.. connecting to it is well.. difficult.

thanks for the info, i'd heard about it with ipf before, but never linux
ipchains/netfilter, etc.

>   Stephen Gutknecht
>   Renton, Washington
> -----Original Message-----
> From: Brian Russo [mailto:brusso@phys.hawaii.edu]
> Sent: Monday, November 06, 2000 6:06 PM
> To: IML-debian-firewall
> Cc: debian-firewall@lists.debian.org
> Subject: Re: Newbie, someone have how-to on from-scratch Debian
> firewall?
> somewhat unrelated note..
> anyone know how well linux does transparent filtering? anyone tried this?
>  - brian.
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

| Brian Russo   <brusso@phys.hawaii.edu>   GPG ID: 54D81666 
| 404E 87E8 DD0C 275B 742B  09AD 2243 839C 54D8 1666 

Reply to: