The main reason for the firewall/router is to have the ability to block specified IPs/IP classes.

We have a problem of being DDoS'ed, and with a firewall like this we could block the traffic before it enters our network at the office. I don't think a bridge would work so well, at least not later when we upgrade the box. Currently there are 5 100mbit NICs, and later there will be 1 1gbps and 4 100mbit NICs. So there must be a solution that accepts the IP class from the inside network and routes it through the firewall. The policy of the firewall should be default accept,

anders gjare

-----Original Message-----
From: Vineet Kumar [mailto:[EMAIL PROTECTED]
Sent: 21 June 2001 20:05
To: [email protected]
Subject: Re: iptables

Do you want your machine to act as an ethernet hub? (duplicating all packets coming in on one interface out on the other) You might be interested in setting it up as a bridge, sort of like a switch between two non-switched half-networks. There's a mini-HOWTO available for bridge setup here:

http://www.linuxdoc.org/HOWTO/mini/Bridge.html

Otherwise, to just plainly forward things from one interface to the other with no NAT, that's really a routing task, not an iptables task. Just make sure you have ip forwarding enabled and that your routing table is set up to send packets destined for each network on the correct interface. All you'll have to do with iptables is ensure that they're ALLOWed to pass through the FORWARD chain.

If you want a more detailed answer, please provide some more details (i.e. which subnet addresses you're using on which interfaces).

Vineet

* Anders Gjære ([EMAIL PROTECTED]) [010621 14:08]:
> how can i forward everything from eth0 to eth1 without masquerading with
> iptables?
>
> Regards
> Anders Gjære
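
Added example, not part of the original thread or written by either poster: a shell script that generates an `iptables-restore` ruleset for the setup discussed above, a routing firewall with no NAT, default ACCEPT on the FORWARD chain, and DROP rules for specified source addresses or ranges. The function names, the outside interface `eth0` and the blocklist addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (function names, interface and addresses are assumptions).
# Routing itself needs forwarding on: sysctl -w net.ipv4.ip_forward=1

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore ruleset: every chain keeps policy ACCEPT, and
# each valid blocklist entry becomes a DROP rule for packets arriving on the
# outside interface. Invalid entries are reported on stderr and skipped.
gen_ruleset() {
    wan_if=$1; shift
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for src in "$@"; do
        if valid_cidr "$src"; then
            echo "-A FORWARD -i $wan_if -s $src -j DROP"
        else
            echo "skipping invalid entry: $src" >&2
        fi
    done
    echo 'COMMIT'
}

# Constructed sample blocklist (documentation ranges plus one bad entry).
gen_ruleset eth0 192.0.2.0/24 198.51.100.7 300.1.1.1
```

Pipe the output to `iptables-restore` as root to load it. By default that replaces the existing filter table; `--noflush` keeps the rules already loaded.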

