I thought I probably was, thats why I looked at the 'Bridging' mini-howto
but I couldnt see whether it was possible or not to make it do
filtering/firewalling without having to make it the default router
as well. Its starting to look as though I cant, although one suggestion
so far is to use rarp. This may cause me some headaches - I have
800+ machines on my local side, and a huge number on the campus
side, although admittedly I dont need to know about most of them,
just mail hubs, web servers, news servers, time servers and dns servers.
Cheers,
Terry.
>
>Why? Bridges generally are only worried about network packets, in this
>case ethernet. It sees a packet on one side, determines that the recipient
>may be on the other side, and retransmits the packet on that side. It
>doesn't care if it is IP or IPX or SMB or whatever. It's taking care of
>ethernet packets.
>
>Firewalls, on the other hand, look at IP packets, deterines whether it
>should pass the packet based on the source/destination addresses, and on
>the port and protocol numbers, and then either passes it on (generally
>with some rewriting of the IP headers) or drops it. Much more work
>intensive and needs much more information than just the eternet headers.
>
>So, you really should/have to use your firewall as a gateway device. Doing
>it as a bridge will leak packets both ways, and won't give you much in the
>way of security.
>
>There are some 'transparent' security devices out there, but IMHO, they
>aren't.
>
>jf
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/