Linux can do bridging if you compile support for it in the kernel. Most
distributions will require the download and compile of bridge control
tools from http://bridge.sourceforge.net/. IPChains et al. filtering
should work as well on bridged interfaces. I have done it with IPChains but
not yet netfilter.
Esteban Gutierrez
On Thu, 22 Nov 2001, Hiemstra, Brenno wrote:
> Afaik
>
> linux can't do bridging...
>
> OpenBSD's ipf does...
>
> > -----Original Message-----
> > From: Ron DuFresne [SMTP:[EMAIL PROTECTED]]
> > Sent: donderdag 22 november 2001 19:28
> > To: Joseph "Dan" Waggoner
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: INTERNAL Linux Firewall??
> >
> >
> > First point of call, isn't the 2.2.14 kernel subject to some security
> > issues and thus at least 2.2.19 being required?
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Thu, 22 Nov 2001, Joseph "Dan" Waggoner wrote:
> >
> > > Scenario
> > >
> > > Internet <--> Firewall <--> Internal Network
> > >
> > > What I would like to do (explain why later)
> > >
> > > Internet <--> Firewall <--> Internal Network <--> Internal Firewall <--> RISC/6000
> > >
> > > Have clients who probably need to go with the second option as the services
> > > which are running on the RISC/6000 are NOT what you would like running
> > > unchecked! (ftp, telnet, httpd, and etc). However, the clients cannot
> > > configure or touch the RISC/6000 because to do so would void their contract
> > > with the Service company and annual maintenance agreement. We have sent
> > > several letters over the last several years trying to get the companies
> > > (more than one, seen examples at several different clients) to strengthen
> > > the security of the clients' main processor (RISC/6000, HP9000, DEC ALPHA,
> > > and AS/400 for example). So we would like to limit the traffic from the
> > > internal network to ONLY those ports which are necessary, i.e. ports
> > > 300-325 (actually used by some software vendors ??)
> > >
> > > Problem is the RISC box may have an address of 192.168.1.200 and the rest
> > > of the network is populated with addresses from .1 to .235. So splitting the
> > > RISC off to its own subnet may not work.
> > >
> > > Here is what I would LIKE to do.
> > >
> > > Linux box, two NIC, ipchains (familiar with it). Set up the internal
> > > firewall to allow traffic from the rest of the network to the RISC box and
> > > log the rest of the connection attempts. I can set up the basic ipchains,
> > > but have a problem getting my home network to work.
> > >
> > > Dual homed host
> > > Laptop <--> Hub <--> NIC0 <--> NIC1 <--> Target System
> > >
> > > Thinking I need to set the dual homed host as a bridge, then install the firewall.
> > > Configured the Kernel 2.2.14 to allow for IP forwarding
> > >
> > > Question? Can this be done? And is Bridging the way to go? If not and it
> > > can be done, then how do I do it, or point me to the HOWTO.
> > >
> > > Thanks for the help
> > >
> > >
> > > Joseph "Dan" Waggoner, CISA
> > > Information System Security Auditor
> > > Texas Credit Union League
> > >
> > >
> > > _______________________________________________
> > > Firewalls mailing list
> > > [EMAIL PROTECTED]
> > > http://lists.gnac.net/mailman/listinfo/firewalls
> > >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity. It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D. Just don't touch anything.
> >
>
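Added example (not from any post in this thread): a script for the dual-homed host from the question, following Esteban's suggestion. It bridges the two NICs with the brctl tool from bridge.sourceforge.net and loads an ipchains ruleset that lets the internal LAN reach the RISC/6000 only on TCP ports 300-325, logging and denying everything else that crosses the bridge. The addresses (192.168.1.0/24 and 192.168.1.200) and the port range come from the question; the interface names eth0/eth1, the bridge name br0, and the premise that the ipchains forward chain sees bridged frames (as Esteban states it does for his setup) are assumptions. Commands are emitted as text first so the ruleset can be reviewed before it touches a live box.

```shell
#!/bin/sh
# Bridge + ipchains ruleset for the internal firewall in front of the RISC/6000.
# Added example, not the thread's own code. Assumes brctl (bridge-utils) and
# ipchains on a 2.2 kernel with bridging compiled in, and assumes the forward
# chain sees frames crossing the bridge.

LAN_NET="192.168.1.0/24"      # internal network (from the question)
RISC_HOST="192.168.1.200"     # the RISC/6000 (from the question)
ALLOWED_PORTS="300:325"       # vendor TCP ports the clients need (from the question)
NIC0="eth0"                   # NIC facing the hub / internal LAN (assumed name)
NIC1="eth1"                   # NIC facing the RISC box (assumed name)
BRIDGE="br0"                  # bridge device (assumed name)

# Emit the bridge setup, one command per line. Bridge ports carry no IP
# address of their own; the bridge forwards at layer 2, so no routing is
# needed between NIC0 and NIC1.
bridge_commands() {
    cat <<EOF
ifconfig $NIC0 0.0.0.0 promisc up
ifconfig $NIC1 0.0.0.0 promisc up
brctl addbr $BRIDGE
brctl addif $BRIDGE $NIC0
brctl addif $BRIDGE $NIC1
ifconfig $BRIDGE up
EOF
}

# Emit the ipchains ruleset. ipchains takes the port range after the address
# in -s/-d ("-d host 300:325"); there is no separate --dport as in iptables.
# "-y" matches TCP SYN only, so "! -y" admits reply traffic without letting
# the RISC box open new connections toward the LAN. "-l" logs the packet to
# the kernel log before the target is applied, which gives the audit trail
# of blocked connection attempts the question asks for.
filter_commands() {
    cat <<EOF
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -p tcp -s $LAN_NET -d $RISC_HOST $ALLOWED_PORTS -j ACCEPT
ipchains -A forward -p tcp ! -y -s $RISC_HOST $ALLOWED_PORTS -d $LAN_NET -j ACCEPT
ipchains -A forward -d $RISC_HOST -l -j DENY
ipchains -A forward -s $RISC_HOST -l -j DENY
EOF
}

# Run both command lists. RUN=echo turns it into a dry run that just prints
# what would be executed.
apply_all() {
    RUN="${RUN:-}"
    bridge_commands | while IFS= read -r line; do $RUN $line; done
    filter_commands | while IFS= read -r line; do $RUN $line; done
}

# Only touch the system when explicitly asked: "sh bridge-fw.sh apply".
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

Run it as `RUN=echo sh bridge-fw.sh apply` first to see the exact brctl and ipchains lines, then without RUN=echo to load them. Because the forward policy is DENY and the two logging rules come last, a packet crossing the bridge is either matched by one of the ACCEPT rules or written to the kernel log (klogd/syslog) before being dropped.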