
Re: Firewall on a debian Box.



>     erich> How transparent does this box have to be? Like a bridge
>     erich> (i.e. like your switch) or like a router?  like a router is
>     erich> easy, but you need to change settings on your existing
>     erich> router (which can be hard if you do not have access to
>     erich> it...)
> 
> Hmmm.  You could play proxy-arp tricks to eliminate this problem, I
> think.  Am I missing something?

Let's say you have a router you don't have access to, which expects to be
directly connected to your network.
But you want all packets to go through a firewall.
Usually you would just set a route on the router directing anything to the
firewall box, and all firewalled hosts use the firewall box as default
gateway.
But this doesn't work out, as you cannot set the route on the router.
So you need to bridge all packets over from the router-firewall LAN to the
internal (firewalled) LAN.
This cannot be done by pure ARP tricks.
You need a complete bridge, and you want to do firewalling (whereas the bridge
included in the kernel does not packet-filter!)

Greetings, Erich


