On Fri, Sep 28, 2001 at 12:43:03PM -0500, Cannon, Mike R. wrote:
> I don't need to perform any NAT. I am just running a bridge acting as a
> firewall to protect some critical servers. We needed a no cost firewall
> solution. The firewall is working great, with what I applied. We have
> identified a couple kernel modifications we would like to make and need to
> perform a recompile anyways. Would you send me the exact link to the
> patches I need to perform just bridge / filtering with the 2.4.10 kernel?

In that case, you will probably be best off with the stable branch.
http://bridge.sf.net/devel/bridge-nf/HOWTO
Beware that it doesn't filter fragments properly.

> We are going to be running this bridge through some extensive testing next
> week. Behind the bridge will be:
> HP-UX Oracle servers
> NT Web servers
> Novell File servers (not sure why we are testing this)

In case you run IPX, that isn't filtered at all by the bridge.

> There has been a large project put together @ Purdue University that I am
> part of to identify low cost software based firewall solutions for eventual
> production use. I am working on the Linux part of this. We are going to
> get into throughput testing to see what type of load we can put on the
> bridge (we're going to try to break it).

This is heavily dependent on your hardware and NIC drivers. If you really
want to go to the extreme, get a Tulip-based NIC and use this driver:
ftp://robur.slu.se/pub/Linux/net-development/tulip-ss010402-poll.tar.gz
It's reported to sustain up to 200kpps.

cheers,
Lennert
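
An added example, not part of the original message or of the bridge project's code: a small classifier a tester could run over frames seen behind the bridge to count the two traffic classes the reply warns about, IPX (not filtered by the bridge at all) and IPv4 fragments. It assumes untagged Ethernet frames; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

def classify(frame: bytes) -> str:
    """Label one untagged Ethernet frame by the caveats in the reply above."""
    if len(frame) < 16:
        return "truncated"
    etype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if etype < 0x0600:                       # 802.3 length field, not an EtherType
        snap_ipx = body[:8] == b"\xaa\xaa\x03\x00\x00\x00\x81\x37"
        # raw 802.3 IPX starts with checksum FFFF; 802.2 IPX uses SAP E0/E0
        if body[:2] in (b"\xff\xff", b"\xe0\xe0") or snap_ipx:
            return "ipx"
        return "non-ip"
    if etype == 0x8137:                      # IPX over Ethernet II
        return "ipx"
    if etype != 0x0800:                      # ARP, IPv6, ...
        return "non-ip"
    if len(body) < 20:
        return "truncated"
    flags_off = struct.unpack("!H", body[6:8])[0]
    if flags_off & 0x1FFF:                   # non-zero offset (8-byte units)
        return "ip-fragment-later"           # carries no TCP/UDP header
    if flags_off & 0x2000:                   # MF set, offset 0
        return "ip-fragment-first"
    return "ip"

def audit(frames):
    """Count frames per label so the unfiltered classes stand out."""
    return Counter(classify(f) for f in frames)

# Constructed sample frames (not captured traffic).
def _eth(etype, payload):
    return b"\x02" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + payload
def _ipv4(flags_off):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + b"\x00" * 8
SAMPLE = [
    _eth(0x0800, _ipv4(0x0000)),               # whole datagram
    _eth(0x0800, _ipv4(0x2000)),               # first fragment (MF set)
    _eth(0x0800, _ipv4(0x0003)),               # later fragment, offset 24 bytes
    _eth(0x8137, b"\xff\xff" + b"\x00" * 28),  # IPX, Ethernet II
    _eth(0x0020, b"\xff\xff" + b"\x00" * 30),  # IPX, raw 802.3
    _eth(0x0806, b"\x00" * 28),                # ARP
]

if __name__ == "__main__":
    print(dict(audit(SAMPLE)))
```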