Re: iptables / bridge mode

To: debian-firewall@lists.debian.org
Cc:
Subject: Re: iptables / bridge mode
From: Blars Blarson <blarson@blars.org>
Date: Sun, 19 Jan 2003 16:03:52 -0800
Message-id: <[🔎] 200301200003.h0K03qMr001869@monkey.nat.blars.org>
In-reply-to: <[🔎] 3E2B294E.40805@linuxinfo.dk>

In article <[🔎] 3E2B294E.40805@linuxinfo.dk> josefsen@linuxinfo.dk writes:
>I needed to setup a firewall after the network was taken i production, 
>so i decided to go bridge mode in order to make the integration 
>completely transparent(except for the 30 seconds for the box to learn 
>the routing tables and 5 secs to move the plug)

Another way of doing it is a single-address proxy-arp firewall.  Like
the bridge solution, there is no need to reconfigure anything but the
firewall.  Unlike the bridge, it will show up on traceroutes.

I've got a production single-address proxy-arp firewall with about 200
systems behind it (incoming connection is a t3) on 5 segments.

At some point, I should write it up as a mini-howto.  Using the ip
command to control the details of interface configuration and routing
is the main unusual thing.
-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden

Reply to:

References:
- iptables / bridge mode
  - From: Brian Josefsen <josefsen@linuxinfo.dk>

Prev by Date: Re: iptables / bridge mode
Next by Date: Re: iptables / bridge mode
Previous by thread: Re: iptables / bridge mode
Next by thread: Re: iptables / bridge mode
Index(es):
- Date
- Thread