[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "transparent" firewall possible?

Its possible, in fact there has been a thread running over that last week or
so about defining rules for use in this way. The best place to start is
probably http://bridge.sourceforge.net/ as that has the relevant patches.


Matt.

----- Original Message -----
From: "Jason Lim" <maillist@jasonlim.com>
To: <debian-isp@lists.debian.org>
Sent: Monday, February 04, 2002 10:17 AM
Subject: "transparent" firewall possible?


> Hi,
>
> I was wondering about this...
>
> Is it possible to have a completely plug-n-play transparent firewall
> setup? For example, all that would need to be entered into the firewall's
> setup is the IP(s) that should be recognized, and the ports that should be
> recognized.
>
> The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> firewall)...
>
> All the box does would be to bridge the two NICs, and perform "filtering"
> in between the bridge.
>
> I have something like that running right now (not working properly yet)...
> I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
> eth1 (internet), and have iptables to do some filtering on incoming
> packets on eth1. But does the bridging in the kernel pass the packets
> directly from eth1 to eth0 before it hits the netfilter code? Or does the
> netfilter code (and hence iptables) act first, filter the traffic, THEN
> pass the data from eth1 to eth0?
>
> Probably someone has done all this in the past, and in fact I have found a
> distro that *sounds* like it does this, but it is a weird heavily
> customized Redhat, and I would perfer to stick with the Debian that we all
> love.
>
> Sincerely,
> Jason
Reply to: