On Wed, Aug 22, 2001 at 11:04:16AM -0400, Jeremy Rumpf wrote:
> Hello all,
Hi,
> My main question is, can I do something like this:
>
> iptables -t filter -I FORWARD -s 128.146.105.13/32 -i eth0 -o eth1 -j ALLOW
> iptables -t filter -I FORWARD -d 128.146.105.13/32 -i eth1 -o eth0 -j ALLOW
Provided s/ALLOW/ACCEPT/, yes, no problem.
You should take care to protect against IP spoofing ('borrowing') in such a
setup though. A nonauthenticated box could borrow the IP of an authenticated
box and get unauthorised access that way. I would advise you combine this
with MAC address filtering on the bridge, and MAC address filtering on your
switches.
> FYI, The ip address 128.146.105.13 is passed to the bridge manager when
> authentication takes place. I do this by transparent proxying any web request
> of any non-authenticated user back to an apache server running on the local
> bridge. The apache/PHP interacts with the bridge manager over a local unix
> domain socket. Should be pretty cool, if all the pieces work :).
I think it should.. :)
cheers,
Lennert
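
The IP-to-MAC binding suggested in the reply above, sketched as an added example that is not part of the original message. It assumes the bridge manager learns the client's MAC address along with its IP; the helper names and the sample MAC are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): print the FORWARD rules for one
# authenticated client, tying its IP to the MAC seen at authentication time.
# Rules are printed, not applied, so the output can be reviewed first.

IN_IF=eth0    # client-side interface, as in the quoted rules
OUT_IF=eth1   # upstream interface, as in the quoted rules

# Strict validation: these values come from a web front end and end up on an
# iptables command line, so reject anything that is not a plain address.
valid_ip() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    o='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($o\.){3}$o\$"
}

valid_mac() {
    case $1 in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# emit_client_rules IP MAC (hypothetical helper name)
emit_client_rules() {
    ip=$1
    mac=$2
    valid_ip "$ip"   || { echo "rejected IP address" >&2; return 1; }
    valid_mac "$mac" || { echo "rejected MAC address" >&2; return 1; }
    # Client -> upstream: ACCEPT only if the source IP comes from the bound MAC.
    # A frame with this IP but another MAC does not match and falls through to
    # whatever handles unauthenticated clients.
    echo "iptables -t filter -I FORWARD -s $ip/32 -i $IN_IF -o $OUT_IF" \
         "-m mac --mac-source $mac -j ACCEPT"
    # Upstream -> client: the mac match only tests the source MAC, so the
    # return direction stays bound by IP and interface alone.
    echo "iptables -t filter -I FORWARD -d $ip/32 -i $OUT_IF -o $IN_IF -j ACCEPT"
}

# Constructed sample: IP from the thread, MAC made up for illustration.
emit_client_rules 128.146.105.13 00:11:22:33:44:55
```

The printed rules only cover the bridge itself; the switch-side MAC filtering mentioned in the reply is configured separately.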