Afaik Linux can't do bridging...
OpenBSD's ipf does...

> -----Original Message-----
> From: Ron DuFresne [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, 22 November 2001 19:28
> To: Joseph "Dan" Waggoner
> Cc: [EMAIL PROTECTED]
> Subject: Re: INTERNAL Linux Firewall??
>
> First point of call, isn't the 2.2.14 kernel subject to some security
> issues and thus at least 2.2.19 being required?
>
> Thanks,
>
> Ron DuFresne
>
> On Thu, 22 Nov 2001, Joseph "Dan" Waggoner wrote:
>
> > Scenario
> >
> > Internet <--> Firewall <--> Internal Network
> >
> > What I would like to do (explain why later)
> >
> > Internet <--> Firewall <--> Internal Network <--> Internal Firewall <--> RISC/6000
> >
> > Have clients who probably need to go with the second option as the services
> > which are running on the RISC/6000 are NOT what you would like running
> > unchecked! (ftp, telnet, httpd, and etc). However, the clients cannot
> > configure or touch the RISC/6000 because to do so would void their contract
> > with the Service company and annual maintenance agreement. We have sent
> > several letters over the last several years trying to get the companies
> > (more than one, seen examples at several different clients) to strengthen
> > the security of the clients' main processor (RISC/6000, HP9000, DEC ALPHA,
> > and AS/400 for example). So we would like to limit the traffic from the
> > internal network to ONLY those ports which are necessary, i.e. ports
> > 300-325 (actually used by some software vendors ??)
> >
> > Problem is the RISC box may have an address of 192.168.1.200 and the rest
> > of the network is populated with addresses from .1 to .235. So splitting the
> > RISC off to its own subnet may not work.
> >
> > Here is what I would LIKE to do.
> >
> > Linux box, two NIC, ipchains (familiar with it). Set up the internal
> > firewall to allow traffic from the rest of the network to the RISC box and
> > log the rest of the connection attempts. I can set up the basic ipchains,
> > but have a problem getting my home network to work.
> >
> > Dual homed host
> > Laptop <--> Hub <--> NIC0 <--> NIC1 <--> Target System
> >
> > Thinking I need to set the dual homed host as a bridge, then install the firewall.
> > Configured the Kernel 2.2.14 to allow for IP forwarding
> >
> > Question? Can this be done? And is Bridging the way to go? If not and it
> > can be done, then how do I do it, or point me to the HOWTO.
> >
> > Thanks for the help
> >
> >
> > Joseph "Dan" Waggoner, CISA
> > Information System Security Auditor
> > Texas Credit Union League
> >
> >
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
