I tried to set up a firewall last night with one NIC. Let's leave discussions about whether this is a good idea or not out of it :).
I am bringing the public, dmz, and internal networks in on 802.1q vlans. Nothing leaves the box in native mode. The public and dmz network are the same ip network, so I am bridging between the vlan interfaces for those networks with the purpose of filtering on those vlan interfaces when the other problems are solved.

The vlans are on a 3com 3300 Superstack 2 switch. The network card for the firewall is in 100 full duplex (I have tried this with a 3c905c and an Intel eepro100). The internet router is a Cisco 2610 and its Ethernet interface is configured for 10 full duplex.

Once everything is set up I can ping the bridge ip address and the box on the other side of the bridge from the router. I can send 1500 byte pings with about 99% response. About 8 packets out of 1000 do not get a reply.

I am using:
- kernel 2.4.17
- bridge netfilter patch for 2.4.17
- 802.1q patches for 3c59x and eepro100 (tried each)
- latest netfilter cvs patch-o-matic selections

Any ideas?

Jeremy Sanders, CCNP CNE
Senior Systems Engineer
Teklinks, Inc.

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
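The layout described in the post (one NIC, three tagged VLANs, public and DMZ bridged, filtering on the bridged VLAN interfaces) as an added example script; this is not the poster's configuration, and it uses the kernel 2.4-era tools the post implies (vconfig, brctl, iptables with the physdev match supplied by the bridge-nf patch). The interface name, VLAN IDs, addresses and the one sample allow rule are constructed placeholders. With `DRY_RUN=1` it only prints the commands, so the plan can be reviewed without root or the hardware.

```shell
#!/bin/sh
# Added example: single-NIC 802.1q bridge firewall (kernel 2.4 tooling).
# NIC name, VLAN IDs and addresses are constructed placeholders, not from the post.
NIC="eth0"
VLAN_PUBLIC=10       # assumed VLAN id carrying the router-facing segment
VLAN_DMZ=20          # assumed VLAN id for the DMZ (same IP subnet as public)
VLAN_INTERNAL=30     # assumed VLAN id for the internal network (routed, not bridged)
BRIDGE="br0"
BRIDGE_ADDR="192.0.2.1/24"       # placeholder address on the bridge itself
INTERNAL_ADDR="198.51.100.1/24"  # placeholder address on the internal VLAN

# run: execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

configure_single_nic_bridge() {
    # 1. Tagged sub-interfaces: nothing leaves the NIC untagged (native mode).
    #    Note: the 802.1q tag adds 4 bytes, so the driver must pass 1504-byte
    #    frames or full-size (1500 byte payload) packets on these interfaces
    #    will not get through; check the driver's MTU handling when testing.
    run vconfig add "$NIC" "$VLAN_PUBLIC"
    run vconfig add "$NIC" "$VLAN_DMZ"
    run vconfig add "$NIC" "$VLAN_INTERNAL"

    # 2. Bridge the public and DMZ VLANs (one IP network); internal stays routed.
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" "$NIC.$VLAN_PUBLIC"
    run brctl addif "$BRIDGE" "$NIC.$VLAN_DMZ"
    run brctl stp "$BRIDGE" off
    for dev in "$NIC" "$NIC.$VLAN_PUBLIC" "$NIC.$VLAN_DMZ"; do
        run ip link set "$dev" up
    done
    run ip addr add "$BRIDGE_ADDR" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
    run ip addr add "$INTERNAL_ADDR" dev "$NIC.$VLAN_INTERNAL"
    run ip link set "$NIC.$VLAN_INTERNAL" up

    # 3. Filter on the bridged VLAN interfaces with the physdev match (bridge-nf
    #    patch). Default deny; replies come back through conntrack; the single
    #    service rule (HTTP into the DMZ) is a placeholder for the real policy.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$NIC.$VLAN_PUBLIC" \
        --physdev-out "$NIC.$VLAN_DMZ" -p tcp --dport 80 -j ACCEPT
    # Internal hosts reach the DMZ via routing (enters on the routed VLAN,
    # leaves through the bridge), so match on the logical interfaces.
    run iptables -A FORWARD -i "$NIC.$VLAN_INTERNAL" -o "$BRIDGE" -j ACCEPT
}

# Invoked directly: DRY_RUN=1 ./bridge-fw.sh prints the plan; as root without
# DRY_RUN it applies it.
if [ "${0##*/}" = "bridge-fw.sh" ]; then
    configure_single_nic_bridge
fi
```

The FORWARD chain is the right place for bridged traffic here because the bridge-nf patch hands bridged frames to the IP tables, and the physdev match is what lets a rule say "from VLAN 10 into VLAN 20" even though both ports hang off the same bridge.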
