Bridge+firewall - possible?

Jeff Garzik (jgarzik@pobox.com)
Tue, 8 Dec 1998 18:05:50 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Olsen: "Re: [Offtopic] chipsfb.c on Intel platforms"
Previous message: Bob Taylor: "Re: Serial line problems"
Next in thread: Lauri Tischler: "Re: Bridge+firewall - possible?"
Maybe reply: Lauri Tischler: "Re: Bridge+firewall - possible?"
Reply: Alan Cox: "Re: Bridge+firewall - possible?"

In designing a firewall for our company, we decided it would be best to
build a bridgable, packet-filtering firewall instead of messing with
routes, subnetting, and gateways on our 200+ client machines.

After I got everything set up, I found out that Linux bridging layer
does not go through the packet filter. That makes sense... it's
ethernet vs IP layers.

My question -- is there any way to set up a packet-filtering bridge
using Linux? (including coding)

To forestall some of the more obvious responses: We wanted bridging
instead of routing because we have a Class C that is pretty much full.
Subnetting our address space and setting up the firewall as a gateway
involves much pain, especially since we only have four hosts outside
the firewall, and over 200 inside. Internally, we have a bunch of 3com
SuperStack switches tossing packets around between the various clients.

Advice and comments are welcome.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Olsen: "Re: [Offtopic] chipsfb.c on Intel platforms"
Previous message: Bob Taylor: "Re: Serial line problems"
Next in thread: Lauri Tischler: "Re: Bridge+firewall - possible?"
Maybe reply: Lauri Tischler: "Re: Bridge+firewall - possible?"
Reply: Alan Cox: "Re: Bridge+firewall - possible?"