First, thanks to Lennert and Hakan for your responses. I had a bad day when I sent my former post. I've reviewed it and noticed I asked some nonsense questions. Sorry for that.

>All chains etc. work fine; the INPUT/OUTPUT chain is only for the HOST, i.e.
>in/out traffic from br0.
>The FORWARD chain is the one you should use to filter the traffic through
>the bridge.

Yes, basic netfilter knowledge. And I knew the responses. My apologies.

One simple question: I set an IP on br0 so I can administer the machine remotely via ssh2. This way the machine can be administered from both NICs. Is it possible to remove the IP from br0 and set it on eth0, so the machine could only be administered from the eth0 NIC? Better said, could it cause some kind of problem with the bridging code? I don't think so, but please confirm it.

>> 3) Has someone tried to benchmark a machine like this? (fw based on
>> linux+bridge+iptables). For instance, which processor and amount of
>> memory could it be necessary to reach a 100 MB/s throughput with a
>> x86 machine?

I'm very interested in this issue. I know speed depends on the rules (if there are many rules, the load is greater), but I'd like some real-life and more accurate examples. For example, which speed would it be possible to reach with a Pentium 166 with 2 good NICs (eepro100, for instance) and a reasonable number of rules? Which kind of optimization would you make at kernel compilation time to improve performance?

Regards,

--Roman

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
