
RE: iptables



The main reason for the firewall/router is to have the ability to block
specified IPs/IP classes.

We have a problem of being DDoS'ed, and with a firewall like this we
could block the traffic before it enters our network at the office.

I don't think a bridge would work so well, at least not later when we
upgrade the box.
Currently there are 5 100mbit NICs, and later there will be 1 1gbps and 4
100mbit NICs.

So there must be a solution that accepts the IP class from the inside
network, and routes it through the firewall.

The policy of the firewall should be default accept.

anders gjare

-----Original Message-----
From: Vineet Kumar [mailto:debian-security@virtual.doorstop.net]
Sent: 21. juni 2001 20:05
To: debian-firewall@lists.debian.org
Subject: Re: iptables


Do you want your machine to act as an ethernet hub? (duplicating all
packets coming in on one interface out on the other)

You might be interested in setting it up as a bridge, sort of like a
switch between two non-switched half-networks. There's a mini-HOWTO
available for bridge setup here:

http://www.linuxdoc.org/HOWTO/mini/Bridge.html

Otherwise, to just plainly forward things from one interface to the
other with no NAT, that's really a routing task, not an iptables task.
Just make sure you have ip forwarding enabled and that your routing
table is set up to send packets destined for each network on the
correct interface. All you'll have to do with iptables is ensure that
they're ALLOWed to pass through the FORWARD chain.

If you want a more detailed answer, please provide some more details
(i.e. which subnet addresses you're using on which interfaces).

Vineet

* Anders Gj?re (Anders@oslo.kvalito.no) [010621 14:08]:
> how can i forward everything from eth0 to eth1 without masquerading with
> iptables?
> 
> mvh 
> anders gj?re



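The setup discussed in this thread (plain routing with no NAT, FORWARD policy ACCEPT, drops for specified source addresses), as an added example that is not part of either message: a script that turns a blocklist into an iptables-restore ruleset. It assumes eth0 is the upstream-facing interface; `blocklist.txt` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a plain router (no NAT).
WAN_IF="${WAN_IF:-eth0}"   # assumption: eth0 is the upstream-facing interface

# Succeed only for a dotted-quad IPv4 address with an optional /0../32 prefix.
is_ipv4_cidr() {
    addr=${1%/*} len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr               # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read blocklist entries (one per line, '#' comments allowed) on stdin and
# print the ruleset. Any invalid entry makes the function return 1 and print
# nothing, so a half-built ruleset is never piped into iptables-restore.
gen_ruleset() {
    rules='' bad=0
    while read -r entry rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if is_ipv4_cidr "$entry"; then
            rules="${rules}-A FORWARD -i $WAN_IF -s $entry -j DROP
"
        else
            echo "rejected blocklist entry: $entry" >&2; bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    # Default policy stays ACCEPT, as the post asks; only listed sources drop.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    printf '%sCOMMIT\n' "$rules"
}

# Constructed sample blocklist (RFC 5737 documentation ranges).
printf '%s\n' '198.51.100.0/24' '203.0.113.7   # single host' | gen_ruleset
# On the router, as root (note: iptables-restore replaces the filter table):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset < blocklist.txt | iptables-restore
```

The FORWARD chain only sees routed traffic; packets addressed to the router itself pass through INPUT and are not affected by these rules.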