Re: Firewall & Bridge
On Tue, 04 Sep 2001, Jayson Johnson wrote:
> Hello,
> I know this question has come up here and there, and I am still
> having trouble getting things to work. I am trying to create a bridge
> that will also filter out packets (tcp's) and redirect them to another
> location or deny them. I can do this in a firewall, and get everything to work, but the trick is, I need them to work with the bridge.
> I built the bridge and it works great. I can't get the firewall part working. I have gone to every bridge/firewall site, tried everything that is suggested, and still can't seem to get the firewall to work. I do not want to set up the box as a router, because there are several hundred users in various locations, etc., that already have their TCP/IP info set up, and there is not one central place that I can pop the box into, to use as a router. I want it to be completely transparent. Any suggestions or help? I am downloading the latest build of Debian, and will see if
> that helps. I am using kernel 2.4.2 now.
I believe that 2.4 kernels do allow you to create a bridging firewall.
Only they do not use the regular chains. They use the PREROUTING and POSTROUTING
chains.
In /usr/share/doc/bridge-utils
you can find FIREWALL.IPTABLES which explains this if I recall correctly.
Greets
Jigal
--
Zarq:
Surrender all your closed sources to us. We are Debian.
You will be assimilated.
- <debian maintainer>