> Yes, it can be done, although it is tricky. I know it can, since I have
> exactly such a setup, and it works very well now, although it was a real
> pain in the ass to set up.

as was the bridge with me *g*

> > you need a complete bridge and you want to do firewalling (whereas the bridge
> > included in the kernel does not packet-filter!)
>
> The bridge included in 2.4.x kernels is well integrated with the
> firewalling code, and you can easily set up rules to filter traffic going
> through the bridge. There are also some patches available for recent 2.2.x

No, you cannot filter traffic going through the bridge, as far as I know. This has a simple reason: the bridge is Ethernet-low-level and does not "know" what IP is, so it can't filter IP. But it can bridge any protocol. This is why there is a patch for the 2.4 kernels as well (but which is broken right now, leading to complete hangups with me)

> kernels that enable them to filter packets going through the bridge. I do
> not remember the URL, though.

This is the patch I'm using, which works quite well, but due to a lot of outdated and misleading documentation took me quite long to set up. It adds two new chains to ipchains, named bridgein and bridgeout if I remember correctly. (perhaps it's bridgein only)

Greetings,
Erich

