> > > This bridge/fw is up and running and I just must say, again, that it works
> > just fine.
> > Willing to submit a testimonial.. ? :)

Of course I am! Here it comes, hope it's OK.

I've compiled and started using bridge/firewall functionality on a RH 7.2 with kernel 2.4.16. I just created the bridge interface as the documentation said, and on that interface I can apply netfilter rules on an IP basis (the ordinary in/out is not available 'cause you only got one interface to play with). Connections to the bridge are not made, only access to it is by console (I really don't want anyone tampering with it).

For our purpose it works perfectly and it was just the thing I was looking for(!) Right now the amount of rules stops around 30+ (very possible to grow). A lot of local services that shouldn't get outside the building are now secured.

We don't have any strange connection to the outside world, just ordinary ethernet at 100MBit. Hardware is 2 eepro 100, CPU AMD 1333MHz (lots of idle time, it's NOT necessary if you don't have tons of rules and very high bandwidth).

  ________    _______    _________    _______    _______________
 |Internet|  |Switch1|  |         |  |       |  |               |
-|100MBit |--|100Mbit|--|bridge/fw|--|Switch2|--|clients/servers|
 |________|  |_______|  |_________|  |_______|  |_______________|

Some non-firewalled servers/clusters (publicly available services) connect to switch1; desktop machines, local services, etc. connect to switch2.. and of course there are some "holes" for services that are both public and local.

Thanks for all the help!

Regards Håkan

___________________________________
Håkan Stensby
National Supercomputer Centre
Linkoping University
E-mail: hst(at)nsc(dot)liu(dot)se
_________________________________

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
