[IP layer filtering, with bridging code]
> And to talk to someone on the same network (wire) all it needs is
> a MAC address of the other host, nothing else.
> SunScreen from Sun proves it can be done, at least with Solaris.
> And after all, there can't be anything other OSes
> can do what Linux couldn't ;-)
I've accomplished this before, just not with the bridging code..
There is (at least when I did this w/ 2.0 kernel) a flag you can pass to
arp to make the linux box proxy arp for all addresses on one side to the
other. Then you enable packet forwarding and use normal IP filtering.
This weird arp masqueraid is much like a bridge but you can use IP
filtering. I did this so that I could transparently drop a firewall into
an existing network.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/