[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall or bridge?

Hash: SHA1

you can get bridging code to compile a new kernel with.

then you can run firewall scripts over the top of that.

google and you shall find.

My office built up a HP p200 into a bridging firewall for our desktop

totally transparent, no settings changed on any otehr part of the network.

its up to 312 days uptime and we're crossing our fingers to go the whole

it's fiddly to swet up

but very useful and powerful

David Gaudine wrote:
> I've been reading about firewalls, and can't figure out what to put in
> "interfaces" for my situation.  I now think that the problem is I need a
> bridge rather than the kind of firewall I was reading about.  My
> situation is:
> - Static IP with public addresses
> - Gateway is on the "internet" side, all other 132.205.50.x
> on the "inside".  This is why I can't figure out what to put in
> "interfaces", since the net mask would put the gateway on the wrong
> side.
> - router is far away, and expects to be connected to a switch.  My
> understanding is that to use a firewall I'd have to get the gateway
> configured to address everything to my firewall, and I don't want to
> mess with the router.
> My questions are
> 1) Am I right about needing a bridge?
> 2) Normally a bridge has no IP address and can't be used to provide
> other services.  It can't even be accessed remotely.  Is there a way
> around that?
> David

- --

"I live in the Managerial Age, in a world of "Admin." The
greatest evil is not now done in those sordid "dens of
crime" that Dickens loved to paint. It is not done even in
concentration camps and labour camps. In those we see its
final result. But it is conceived and ordered (moved,
seconded, carried, and minuted) in clean, carpeted, warmed
and well-lighted offices, by quiet men with white collars
and cut fingernails and smooth-shaven cheeks who do not need
to raise their voices. Hence, naturally enough, my symbol
for Hell is something like the bureaucracy of a police state
or the office of a thoroughly nasty business concern."

- - C. S. Lewis


John "Johnboy" Griffiths - RiotACT Editor

Ph: 0412 690 643
ICQ UIN: 7933859
email: johnboy@the-riotact.com
GPG Keyserver pgp.mit.edu
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Reply to: