
Transparent bridge firewall with bridge-nf



Hello everyone,

I administer a LAN that will soon be moved from private to public IP
space. The LAN is inside a university network and as such in a rather
hostile environment.

At the moment there is a firewall with a public IP doing all the
filtering and a NAT/router box behind this. Now I'm thinking about
setting up a transparent bridge firewall using the bridge-nf patch from
http://bridge.sf.net to replace the firewall once the transition to
public IP space is done. I don't have any real-life experience with such
a setup and I'd like some input on pros and cons of a filtering bridge
as opposed to a setup with a firewall+router.

The one obvious advantage is that the bridge doesn't have an IP address
and remains invisible at the cost of giving away the real IP addresses
of the servers inside the LAN. So, is it safer to keep doing NAT and
keep hiding the real IP addresses of the servers or to hide the firewall
itself?

Thanks for any input,
Ben


