Re: Bridge+firewall - possible?

Jeff Garzik (jgarzik@pobox.com)
Wed, 9 Dec 1998 12:07:07 -0500 (EST)


Alan Cox wrote:
>
> > After I got everything set up, I found out that Linux bridging layer
> > does not go through the packet filter. That makes sense... it's
> > ethernet vs IP layers.
> >
> > My question -- is there any way to set up a packet-filtering bridge
> > using Linux? (including coding)
>
> Ok there are two ways to do this
>
> 1. You set up a big proxy arp table and actually route it. That's the
> sledgehammer approach but should work fine providing people don't
> move PCs around (bonus points for writing a listening daemon
> that learns where people are and adjusts the proxy arp table)

I'm probably gonna go with this, I didn't know that proxy ARP would work
like 'arp -s 0.0.0.0 00:00:00:00:00:00 netmask 0.0.0.0 pub' and handle
everything magically.

I may still look into the listening daemon if this is not sufficient.

Thanks for all the responses!

Jeff
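
Added example, not part of the original message or of any code posted to the list: a sketch of the bookkeeping a "listening daemon" for the proxy ARP approach would need, turning sightings of hosts into net-tools `route` and `arp ... pub` commands. The interface names eth0/eth1, the addresses, the `pinned` set and all function names are assumptions made for illustration; sightings are constructed, and the commands are only returned as strings, never executed.

```python
import ipaddress

# Assumed two-port box: each interface maps to the segment on the other side.
SIDES = {"eth0": "eth1", "eth1": "eth0"}

def commands_for(ip, iface, add=True):
    """Commands that place (or stop placing) `ip` behind `iface`."""
    other = SIDES[iface]
    if add:
        # Host route towards the host, then answer ARP for it on the far
        # side using that interface's own hardware address (-D).
        return [f"route add -host {ip} dev {iface}",
                f"arp -i {other} -Ds {ip} {other} pub"]
    return [f"arp -i {other} -d {ip} pub",
            f"route del -host {ip} dev {iface}"]

def learn(table, ip, iface, pinned=frozenset()):
    """Apply one sighting to `table` (ip -> iface); return (commands, alert)."""
    ip = str(ipaddress.ip_address(ip))   # only a valid address reaches a command
    if iface not in SIDES:
        raise ValueError(f"unknown interface {iface!r}")
    old = table.get(ip)
    if old == iface:
        return [], None                  # nothing moved
    if old is not None and ip in pinned:
        # A sighting is only an unauthenticated ARP frame: hosts the filter
        # rules depend on are not re-homed, the move is reported instead.
        return [], f"pinned host {ip} sighted on {iface}, expected {old}"
    cmds = commands_for(ip, old, add=False) if old is not None else []
    cmds += commands_for(ip, iface)
    table[ip] = iface
    return cmds, None

def replay(sightings, pinned=frozenset()):
    """Run a sequence of (ip, iface) sightings; return table, commands, alerts."""
    table, cmds, alerts = {}, [], []
    for ip, iface in sightings:
        new_cmds, alert = learn(table, ip, iface, pinned)
        cmds += new_cmds
        if alert:
            alerts.append(alert)
    return table, cmds, alerts

# Constructed sightings: .10 moves from eth0 to eth1, pinned .20 appears to move.
SIGHTINGS = [("192.0.2.10", "eth0"), ("192.0.2.20", "eth1"),
             ("192.0.2.10", "eth0"), ("192.0.2.10", "eth1"),
             ("192.0.2.20", "eth0")]
```
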
