
Bridge and Firewall



Hi,

I'm stupid, but...

I need a bit of babble to declare myself:
My company sits behind a leased line; our endpoint is an also-leased Cisco.
We have no access to the Cisco.
The Cisco is now connected to the switch (3Com) of our LAN. The Cisco did
all the NAT and a bit of firewalling (port blocking).
All IP addresses (Cisco, switch, servers, ...) are in the 10.x.x.x range.
Now I want to install a firewall which is under my control.
Without changes of configuration (IP address of either Cisco or LAN) I
could plug a Linux box in between Cisco and switch, something like this:
	[Internet]---[cisco]-- *[Linuxbox]*-[switch]-...
I compiled a kernel 2.45. with bridging code and installed bridge-utils, so
the Linux box is used as a bridge.
Now I set up the firewall with iptables to drop all ICMP packets that cross
the Linux box in the standard chains (IN, OUT, FORWARD, PRE, POST).
Pinged from one server before the Linux box to one behind it. Did not work.
I tried to ping from the Linux box and all packets are dropped. Worked.
The documentation of bridge-utils stated that the documentation of iptables firewalling is out
of date. But it didn't mention that it is not working...

It seems to me that the bridge didn't go through netfilter, but why?
Are there any settings I missed?

What is it that I don't see?

Please help.

	ar

-- 

[ampersand online agentur]
[andreas rabus]
[programmierung]

theresienstraße 29 / IV
80333 münchen
tel 0 89 - 28 67 72 - 27
fax 0 89 - 28 67 72 - 21
andreas@ampersand.de
http://www.ampersand.de
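Added example, not from the original post: a small POSIX sh helper for the usual cause of this symptom on current kernels, where bridged IPv4 frames only reach iptables when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is 1 (on the poster's 2.4 kernel this needed the separate bridge-nf patch), plus the FORWARD rules with the physdev match that restrict the ICMP drop to frames crossing the two bridge ports. The directory argument and the interface names eth0/eth1 are assumptions for illustration.

```shell
#!/bin/sh
# Report whether bridged IPv4 frames will traverse iptables on this host.
# Argument: directory holding the bridge-nf sysctl files
# (/proc/sys/net/bridge on a real system; a constructed directory in tests).
# Prints one of: missing | disabled | enabled
bridge_nf_status() {
    dir="${1:-/proc/sys/net/bridge}"
    f="$dir/bridge-nf-call-iptables"
    if [ ! -f "$f" ]; then
        # sysctl absent: br_netfilter is not loaded, iptables never sees
        # bridged frames; only ebtables would match them
        echo "missing"
    elif [ "$(cat "$f")" = "1" ]; then
        echo "enabled"
    else
        # sysctl present but set to 0: same symptom as in the post
        echo "disabled"
    fi
}

# Emit the two FORWARD rules that drop ICMP crossing the bridge in either
# direction. The physdev match keys on the bridge port a frame entered and
# left by, so traffic originating on the box itself (which the poster saw
# being dropped) is not affected by these rules.
# Arguments: inside port, outside port (assumed names, e.g. eth0 eth1)
icmp_drop_rules() {
    in_if="$1"; out_if="$2"
    printf 'iptables -A FORWARD -p icmp -m physdev --physdev-in %s --physdev-out %s -j DROP\n' \
        "$in_if" "$out_if"
    printf 'iptables -A FORWARD -p icmp -m physdev --physdev-in %s --physdev-out %s -j DROP\n' \
        "$out_if" "$in_if"
}

# Example use (uncomment on a real bridge host):
# echo "bridge-nf: $(bridge_nf_status)"
# icmp_drop_rules eth0 eth1 | sh
```

If the status is "missing" or "disabled", loading br_netfilter and setting the sysctl to 1 is what makes the iptables FORWARD chain see bridged traffic at all.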



