On Mon, Dec 03, 2001 at 03:34:15PM +0100, RoMaNSoFt wrote: > 1) I've set up a two-ports bridge named "br0". I've done some fast > tests. I can filtering by eth0, eth1 and br0 but I haven't got clear > which chains could I use with the various interfaces. I think bridge's > faq said that currently only the forward chain would work
Can you recall where exactly you read this? > but it seems > other chains also work (input, eg). Is somebody so kind to talk about > this issue? All chains should working (including the NAT ones). > 2) Another Q: since I only want to use this machine as firewall does > it make sense to filtering by using the br0 device? I mean, perhaps > it's faster and more reliable to filter basing on eth0 and eth1 > devices, isn't it? Some tips about this issue? I'm not sure what exactly you mean here. > 3) Has someone tried to benchmark a machine like this? (fw based on > linux+bridge+iptables). For instance, which processor and amount of > memory could it be necessary to reach a 100 MB/s throughtput with a > x86 machine? I haven't done extensive benchmarks, but I know that a dual PIII 800 is pretty bored with 120Mbit. cheers, Lennert _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
