Hi

I've got a special problem: I would like to use a Debian box as a firewall with an interface for the internal network, one for the external network and one for the DMZ. The problem is this: the database server that has to be accessed from the webservers in the DMZ is located on the internal net. I would like to attach it with gigabit Ethernet if possible, as both the webservers and the database server have such interfaces and because speed matters here. But on the other hand I would like to save the money for an additional gigabit Ethernet switch for the DMZ.

My question is the following: Say I put 5 interfaces into the firewall box. I would use one, say eth0, for the internal network, eth1 for the external, and take eth2, eth3 and eth5 as one bridged device br0 for the DMZ. Could I filter traffic between eth0 and br0, resp. eth1 and br0?

I ask this question as I have often heard that you can't netfilter bridged devices without special kernel patches (of course I do not need to filter between eth2 to eth4). But I can filter between the bridge device and a regular ethX device that is not a member of the bridge, can I? The br0 device would save me an additional switch though ;-)

I hope that I am not asking a question too silly for this list... I did an RTFM, but I did not find any hint for this problem...

Regards
Marcel

