Re: "transparent" firewall possible?
Thanks for directing me to that website... lots of relevant information
there. Thankfully we are running 2.4 on nearly all boxes now, so
everything is already there :-)
----- Original Message -----
From: "Matt Ryan" <firstname.lastname@example.org>
To: "Jason Lim" <email@example.com>; <firstname.lastname@example.org>
Sent: Monday, February 04, 2002 6:29 PM
Subject: Re: "transparent" firewall possible?
> It's possible, in fact there has been a thread running over that last
> so about defining rules for use in this way. The best place to start is
> probably http://bridge.sourceforge.net/ as that has the relevant
> ----- Original Message -----
> From: "Jason Lim" <email@example.com>
> To: <firstname.lastname@example.org>
> Sent: Monday, February 04, 2002 10:17 AM
> Subject: "transparent" firewall possible?
> > Hi,
> > I was wondering about this...
> > Is it possible to have a completely plug-n-play transparent firewall
> > setup? For example, all that would need to be entered into the
> > setup is the IP(s) that should be recognized, and the ports that
> > recognized.
> > The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> > firewall)...
> > All the box does would be to bridge the two NICs, and perform
> > in between the bridge.
> > I have something like that running right now (not working properly
> > I am using the "bridging-utils" in Debian testing to bridge eth0 (lan)
> > eth1 (internet), and have iptables to do some filtering on incoming
> > packets on eth1. But does the bridging in the kernel pass the packets
> > directly from eth1 to eth0 before it hits the netfilter code? Or does
> > netfilter code (and hence iptables) act first, filter the traffic,
> > pass the data from eth1 to eth0?
> > Probably someone has done all this in the past, and in fact I have
> > distro that *sounds* like it does this, but it is a weird heavily
> > customized Redhat, and I would prefer to stick with the Debian that we
> > love.
> > Sincerely,
> > Jason