
Re: "transparent" firewall possible?



Thanks for directing me to that website... lots of relevant information
there. Thankfully we are running 2.4 on nearly all boxes now, so
everything is already there :-)

----- Original Message -----
From: "Matt Ryan" <mryan@debian.org>
To: "Jason Lim" <maillist@jasonlim.com>; <debian-isp@lists.debian.org>
Sent: Monday, February 04, 2002 6:29 PM
Subject: Re: "transparent" firewall possible?


> It's possible, in fact there has been a thread running over the last week or
> so about defining rules for use in this way. The best place to start is
> probably http://bridge.sourceforge.net/ as that has the relevant patches.
>
>
> Matt.
>
> ----- Original Message -----
> From: "Jason Lim" <maillist@jasonlim.com>
> To: <debian-isp@lists.debian.org>
> Sent: Monday, February 04, 2002 10:17 AM
> Subject: "transparent" firewall possible?
>
>
> > Hi,
> >
> > I was wondering about this...
> >
> > Is it possible to have a completely plug-n-play transparent firewall
> > setup? For example, all that would need to be entered into the firewall's
> > setup is the IP(s) that should be recognized, and the ports that should be
> > recognized.
> >
> > The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> > firewall)...
> >
> > All the box would do is bridge the two NICs, and perform "filtering"
> > in between the bridge.
> >
> > I have something like that running right now (not working properly yet)...
> > I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
> > eth1 (internet), and have iptables to do some filtering on incoming
> > packets on eth1. But does the bridging in the kernel pass the packets
> > directly from eth1 to eth0 before it hits the netfilter code? Or does the
> > netfilter code (and hence iptables) act first, filter the traffic, THEN
> > pass the data from eth1 to eth0?
> >
> > Probably someone has done all this in the past, and in fact I have found a
> > distro that *sounds* like it does this, but it is a weird heavily
> > customized Redhat, and I would prefer to stick with the Debian that we all
> > love.
> >
> > Sincerely,
> > Jason
>
>
>


