Re: How to route

To: <debian-security@lists.debian.org>
Subject: Re: How to route
From: Davy Gigan <davy@info.unicaen.fr>
Date: Thu, 28 Jun 2001 18:51:27 +0200
Message-id: <[🔎] 15163.24719.645506.410572@info.unicaen.fr>
In-reply-to: <[🔎] Pine.LNX.4.33.0106271658560.3132-100000@irma>
References: <[🔎] 15160.53726.621935.518343@info.unicaen.fr> <[🔎] Pine.LNX.4.33.0106271658560.3132-100000@irma>

Marco Tassinari writes:
 > 
 > >  >  Good idea! But is it a Good Thing? mhhh... yes, it seems!
 > >  > Ok, as a definitive solution I'll do it and update to
 > > You definitly don't have to update to iptables and 2.4 kernels
 > > to NAT.
 > Yes, but in the future...
Your right but some admin would say 'never change things that are working well' ...
Your router manager by example (sorry it was a too simple joke to do ;-)

 > Last mounth I enabled bridge within a 2.2.19 (tar.gz) kernel and there was
 > no 'bridge' chain in ipchains. The chain appared magically applying a
 > linux_brfw_2.2.17.diff to the kernel and recompiling it...
 > pheraphs I was wrong and that was not the point, I don't remember.

Sorry i didn't understood the fact you wanted to configure the firewall
with bridge. I've only noticed the fact you wanted to do an ethernet
bridge with your box (witch is possible without patch).

 > > Last thing, i'm wondering why you need bridging ? I presume you are
 > > making a mismatch between NAT and Ethernet-Bridging, which are significantly
 > > different ...
 > 
 > Well... a bridge is a /---\ on a river beetwen two networks... it has a
 > learning algoritm to know who can traverse it. Howto said.

Yes it is. With a bridge, you can say two physically different networks
are the same network. The learning algorithm as far as i know is that
the bridge maintain a list of all the node he can see from his different
interfaces (switches (and stack of switches) do so but are the same physical network),
if you've got a lot of machines and physically separated
networks, it's usefull. However if you want to NAT, you don't need bridge :
you want a single public address to serve for your entire private network (and
services with port forwarding).

 >  A Nat is a way to redirect a packet to or from somewhere...
Also right.

 > They can both solve my problem, but pheraps Nat was designed for me.
 >  When I say Nat i mean "iptables nat" because is the only Nat I know under
 > linux. Yes, what I'm going to do with a bridge could be seen as a Nat.
 >  Oooooo.
I think so. I think you don't need a bridge and you can simply configure
a firewall / gateway for your private network.

 > And why I need bridging...? because I don't want to modify the router as
 > my old good poor manager asked to me...!
As someaone already said : it's another level of security to modify
your router.

Bye.

-- 
Davy Gigan
System & Network Administration
University Of Caen (France)

Reply to:

Follow-Ups:
- Re: How to route
  - From: Marco Tassinari <iw3hja@dei.unipd.it>

References:
- Re: How to route
  - From: Davy Gigan <davy@info.unicaen.fr>
- Re: How to route
  - From: Marco Tassinari <iw3hja@dei.unipd.it>

Prev by Date: Re: What about closed ports?
Next by Date: compile libc5 ...
Previous by thread: Re: How to route
Next by thread: Re: How to route
Index(es):
- Date
- Thread