Marco Tassinari writes: > > >> Maybe you could give server's address to firewall ;-) Then you don't > >> have to touch router's configuration. > > Good idea! But is it a Good Thing? mhhh... yes, it seems! > Ok, as a definitive solution I'll do it and update to You definitly don't have to update to iptables and 2.4 kernels to NAT.
> iptables to re-NAT the real address of the server. For now I'll just > enable bridging in the kernel and filter connections in the 'bridge' chain > of ipchains. It's faster enougth! > By the way, I have to patch the kernel 2.2.17 (or 18 or 19) > to do bridging, isnt'it? You don't have to patch your kernel, however, if you didn't compiled it yourself, enabling bridging, nat (and so on) modules needed, you must recompile your kernel. For the moment, i don't use kernel-package and kernel-sources-<version> to compile and install my kernel(s), but it may (must ;-) be a good solution to begin (and to end ...). Last thing, i'm wondering why you need bridging ? I presume you are making a mismatch between NAT and Ethernet-Bridging, which are significantly different ... You should take a look to kernel docs and read a little about bridging (i think you don't need it, but i may be wrong, may i missed something) ... Now it's time to compile ... Information about those things are outside the scope of this list i suppose. Regards. -- Davy Gigan System & Network Administration University Of Caen (France)
