I don't need to perform any NAT. I am just running a bridge acting as a firewall to protect some critical servers. We needed a no cost firewall solution. The firewall is working great, with what I applied. We have Identified a couple kernel modifications we would like to make and need to perform a recompile anyways. Would you send me the exact link to the patches I need to perform just bridge / filtering with the 2.4.10 kernel.
We are going to be running this bridge through some extensive testing next week. Behind the bridge will be:
HP-UX Oracle servers
NT Web servers
Novell File servers (not sure why we are testing this)
Linux Web servers
There has been a large project put together @ Purdue University that I am part of to identify low cost software based firewalls solutions for eventual production use. I am working on the Linux part of this. We are going to get into throughput testing to see what type of load we can put on the bridge (were going to try to break it).
So at this point I am asking for the stablest code I can get my hands on. Thank you for your time. I will provide output back to the site at the end of our test.
--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: [EMAIL PROTECTED]
-----Original Message-----
From: Lennert Buytenhek [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 11:48 AM
To: Cannon, Mike R.
Subject: Re: [Bridge] 2.4.10
OK.. you are using the development branch of the bridge-nf patch (from
the YYYYMMDD-R directories), while the patch referred to in the mail is
the 'stable branch'. Not a lot of difference between the two, except that
the devel branch does NAT correctly and the stable does not. Neither handles
fragments at the moment.
On Fri, Sep 28, 2001 at 11:38:52AM -0500, Cannon, Mike R. wrote:
> I thought that there was only one patch, that consisted of several patches.
> This is the script I wrote to apply the patches: Should I not be applying
> all of them?
>
>
>
> patch -p0 < 00_ip_rcv_finish.diff
> patch -p0 < 01_ip_forward.diff
> patch -p0 < 10_nf_no_rt_in_conntrack_refrag.diff
> patch -p0 < 11_nf_hook_threshold.diff
> patch -p0 < 12_nf_physinoutdev.diff
> patch -p0 < 13_nf_filter_physinoutdev.diff
> patch -p0 < 14_nf_origsrcdstaddr.diff
> patch -p0 < 15_nf_ipv4_hook_priorities.diff
> patch -p0 < 16_nf_realindev.diff
> patch -p0 < 17_nf_log_physinoutdev.diff
> patch -p0 < 20_br_no_export_no_symbols.diff
> patch -p0 < 21_br_forward_finish.diff
> patch -p0 < 23_br_handle_frame_finish.diff
> patch -p0 < 24_br_dev_xmit.diff
> patch -p0 < 25_br_fdb.diff
> patch -p0 < 30_brnf_infra.diff
> cp br_passthrough.c linux-2.4.9-brnf/net/bridge/netfilter/br_passthrough.c
> --
> Mike Cannon
> Infrastructure Systems Administrator
> Management Information
> Purdue University
> 1061 Freehafer Hall (FREH)
> West Lafayette, IN 47907-1061
>
> office phone: 765.494.6357
> office fax: 765.496.1380
> email: [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Lennert Buytenhek [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 11:36 AM
> To: Cannon, Mike R.
> Subject: Re: [Bridge] 2.4.10
>
>
> Which 2.4.9 patch are you using?
>
>
> On Fri, Sep 28, 2001 at 09:08:15AM -0500, Cannon, Mike R. wrote:
>
> > The 2.4.9 patch worked great for me on the 2.4.10 kernel. I saw no
> errors,
> > and the bridge is up filtering for several machines for two days now. Do
> I
> > need to recompile with this new patch?? Should I recompile with the new
> > patch??
> >
> > --
> > Mike Cannon
> > Infrastructure Systems Administrator
> > Management Information
> > Purdue University
> > 1061 Freehafer Hall (FREH)
> > West Lafayette, IN 47907-1061
> >
> > office phone: 765.494.6357
> > office fax: 765.496.1380
> > email: [EMAIL PROTECTED]
> >
> >
> > -----Original Message-----
> > From: Lennert Buytenhek [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, September 27, 2001 3:19 PM
> > To: [EMAIL PROTECTED]
> > Cc: Mike R. Cannon; [EMAIL PROTECTED]
> > Subject: Re: [Bridge] 2.4.10
> >
> >
> > On Tue, Sep 25, 2001 at 03:24:44PM -0400, [EMAIL PROTECTED] wrote:
> >
> > > perhaps you should rename bridge-nf-20010801-against-2.4.6-3.diff?
> >
> > This patch lives on Bart's site. I've put a copy named
> > 'bridge-nf-20010801-against-2.4.10.diff' on the bridge page, and that
> should
> > fix it from my end ;)
> >
> >
> > cheers,
> > Lennert
> >
