Hello all,
I'm going to try and implement a type of bridge that will sit between our
computer labs and the rest of the campus network. In order for the users to
be able to get passage through the bridge (thus use the network beyond the
lab) they'll have to authenticate with the bridge. I currently have a type of
"bridge manager" software in the works that will track the iptables rules and
features Kerberos authentication. My main dilemma is that the bridge manager
needs to know which side the lab LAN is on and which side the campus network
is on.
I can do this by configuring it with the IP address range of each, simple
enough. Rules per authenticated host may appear like this:
iptables -t filter -I FORWARD -s 128.146.105.13/32 ! -d 128.146.105.0/24 -j ACCEPT
iptables -t filter -I FORWARD -d 128.146.105.13/32 ! -s 128.146.105.0/24 -j ACCEPT
My main question is, can I do something like this:
iptables -t filter -I FORWARD -s 128.146.105.13/32 -i eth0 -o eth1 -j ACCEPT
iptables -t filter -I FORWARD -d 128.146.105.13/32 -i eth1 -o eth0 -j ACCEPT
Does the bridge identify which interface the packet arrives on and is
destined to leave on? If I could do this, then when the bridges are installed
I can simply tell them to make sure the lab LAN is plugged into THIS
interface vs. having to actually configure the IP address range of the lab
LAN into the bridge.
FYI, the IP address 128.146.105.13 is passed to the bridge manager when
authentication takes place. I do this by transparently proxying any web request
of any non-authenticated user back to an Apache server running on the local
bridge. The Apache/PHP side interacts with the bridge manager over a local Unix
domain socket. Should be pretty cool, if all the pieces work :).
Thanks,
Jeremy
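As an added example (not code from Jeremy's post), a POSIX shell script that generates the two per-host FORWARD rules described above and validates the address handed over by the PHP side before it reaches the rule. It assumes the lab and campus ports are enslaved to a Linux bridge with br_netfilter loaded, so the FORWARD chain sees the bridge device as both input and output interface and the physical port is matched with iptables' physdev module rather than -i/-o; the names LAB_IF, NET_IF and IPT are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-host FORWARD rules for a Linux bridge (assumed layout:
# LAB_IF and NET_IF are ports of one bridge device; br_netfilter is loaded).
# IPT defaults to "echo iptables" for a dry run; set IPT=iptables to apply.
IPT=${IPT:-"echo iptables"}
LAB_IF=${LAB_IF:-eth0}
NET_IF=${NET_IF:-eth1}

# Accept only a dotted-quad IPv4 host address with every octet <= 255, so a
# crafted value from the web front end cannot inject extra rule arguments.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    ( IFS=.; set -- $1; for o; do [ "$o" -le 255 ] || exit 1; done )
}

# Print the two rules that let one authenticated lab host cross the bridge.
# On a bridge, -i/-o in FORWARD both refer to the bridge device, so the
# physical ingress/egress ports are selected with the physdev match instead.
host_rules() {
    ip=$1
    valid_ipv4 "$ip" || return 1
    printf '%s\n' \
      "-t filter -I FORWARD -s $ip/32 -m physdev --physdev-in $LAB_IF --physdev-out $NET_IF -j ACCEPT" \
      "-t filter -I FORWARD -d $ip/32 -m physdev --physdev-in $NET_IF --physdev-out $LAB_IF -j ACCEPT"
}

# Apply (or echo) the rules for one host; non-zero status on a bad address.
allow_host() {
    rules=$(host_rules "$1") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do $IPT $rule; done
}
```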
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge