Re: Bridge+firewall - possible?

David Lang (dlang@diginsite.com)
Wed, 9 Dec 1998 05:12:20 -0800 (PST)


-----BEGIN PGP SIGNED MESSAGE-----

I remember seeing a firewall+bridge howto or mini howto with an
explanation along the lines of the incoming packet goes through the
packet filters before getting to the bridge code. This was under 2.0 so
the 2.1 ipchains may be different.

David Lang

On Tue, 8 Dec 1998, Jeff Garzik wrote:

> Date: Tue, 8 Dec 1998 18:05:50 -0500 (EST)
> From: Jeff Garzik <jgarzik@pobox.com>
> To: linux-kernel@vger.rutgers.edu
> Subject: Bridge+firewall - possible?
>
> In designing a firewall for our company, we decided it would be best to
> build a bridgable, packet-filtering firewall instead of messing with
> routes, subnetting, and gateways on our 200+ client machines.
>
> After I got everything set up, I found out that the Linux bridging layer
> does not go through the packet filter. That makes sense... it's
> ethernet vs IP layers.
>
> My question -- is there any way to set up a packet-filtering bridge
> using Linux? (including coding)
>
> To forestall some of the more obvious responses: We wanted bridging
> instead of routing because we have a Class C that is pretty much full.
> Subnetting our address space and setting up the firewall as a gateway
> involves much pain, especially since we only have four hosts outside
> the firewall, and over 200 inside. Internally, we have a bunch of 3com
> SuperStack switches tossing packets around between the various clients.
>
> Advice and comments are welcome.
>
> Jeff
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

-----END PGP SIGNATURE-----
