Re: Firewall or bridge?
you can get bridging code to compile a new kernel with.
then you can run firewall scripts over the top of that.
google and you shall find.
My office built up a HP p200 into a bridging firewall for our desktop
totally transparent, no settings changed on any other part of the network.
it's up to 312 days uptime and we're crossing our fingers to go the whole
it's fiddly to set up
but very useful and powerful
David Gaudine wrote:
> I've been reading about firewalls, and can't figure out what to put in
> "interfaces" for my situation. I now think that the problem is I need a
> bridge rather than the kind of firewall I was reading about. My
> situation is:
> - Static IP with public addresses
> - Gateway 220.127.116.11 is on the "internet" side, all other 132.205.50.x
> on the "inside". This is why I can't figure out what to put in
> "interfaces", since the net mask would put the gateway on the wrong
> - router is far away, and expects to be connected to a switch. My
> understanding is that to use a firewall I'd have to get the gateway
> configured to address everything to my firewall, and I don't want to
> mess with the router.
> My questions are
> 1) Am I right about needing a bridge?
> 2) Normally a bridge has no IP address and can't be used to provide
> other services. It can't even be accessed remotely. Is there a way
> around that?
"I live in the Managerial Age, in a world of "Admin." The
greatest evil is not now done in those sordid "dens of
crime" that Dickens loved to paint. It is not done even in
concentration camps and labour camps. In those we see its
final result. But it is conceived and ordered (moved,
seconded, carried, and minuted) in clean, carpeted, warmed
and well-lighted offices, by quiet men with white collars
and cut fingernails and smooth-shaven cheeks who do not need
to raise their voices. Hence, naturally enough, my symbol
for Hell is something like the bureaucracy of a police state
or the office of a thoroughly nasty business concern."
- C. S. Lewis
John "Johnboy" Griffiths - RiotACT Editor
Ph: 0412 690 643
ICQ UIN: 7933859
GPG Keyserver pgp.mit.edu