On Mon, May 27, 2002 at 10:11:32AM +1200, Mark Carey wrote:
> > If the networks are bridged, what is the issue?? why can't you just
> > run the x clients on one machine and the x server on another machine,
> > like on a normal lan?
> 
> Ok, "bridge" was a bad choice of word.  Firewall is probably better as
> ideally machine A would just have 2 NIC's and run IPTables NAT/DNAT and
> a bit of other stuff.  How does this differ from a bridge?

You don't need NAT/DNAT for this. NAT/DNAT are just one extended feature
of the Linux ipfilter stuff.

For all intents and purposes, you won't need IP filtering for this,
unless you want to put strong access control on the subnets accessing
each other.

A bridge is slightly more confusing. It effectively makes the "firewall"
into a bit of a black box, making both networks into one. Machines on
both sides will have the same IP, and the bridge will magically pass on
packets, as if machines on both sides were on the same physical ethernet
segment. This is overkill; a perfect example of where you'd use this
would be on a wireless Access Point. All traffic to and from wireless
nodes into the physical network needs to go through this "bridge". It
does the magic so you don't need to have different subnets and all that.

> > I'm guessing you have reasons not to turn A into a network router.
> > (which is the easiest method - since X is just a client server protocol)
> 
> Is there a router HOWTO available?

echo "1" > /proc/sys/net/ipv4/ip_forward

Plus appropriate rules in your FORWARD table. (I.e, Allow traffic to and
from networks 1 and 2)

Mike.
-- 
Michael Beattie <[EMAIL PROTECTED]>

"Sometimes I think that the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact us."

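The "turn A into a router" recipe above (enable forwarding, then allow the two networks through the FORWARD chain) worked out as a script. This is an added example, not code from the mail or its author; interface names (eth0/eth1), the two subnets, and the choice to let only X clients on the second network reach an X server on the first (display :0 listening on TCP 6000) are assumptions for illustration. The functions print the commands rather than running them, so the script can be inspected offline and piped into `sh` as root when you actually want to apply it.

```shell
#!/bin/sh
# Added example: make a two-NIC Linux box route between two subnets and
# restrict what it forwards. Interface names, subnets and the X11 port policy
# below are assumptions, not something given in the original mail.

# Common preamble: enable forwarding and start from a default-deny FORWARD
# chain that still lets replies for already-accepted flows through.
forward_preamble() {
    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 'sysctl -w net.ipv4.ip_forward=1'
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -F FORWARD'
    echo 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
}

# Plain router: any new connection between the two subnets is allowed, but
# only if it arrives on the right interface with a source address from that
# subnet (stops a host on one side from spoofing the other side's addresses).
# $1 = interface 1, $2 = its subnet, $3 = interface 2, $4 = its subnet
router_rules() {
    if1=$1; net1=$2; if2=$3; net2=$4
    forward_preamble
    echo "iptables -A FORWARD -i $if1 -o $if2 -s $net1 -d $net2 -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $if2 -o $if1 -s $net2 -d $net1 -m state --state NEW -j ACCEPT"
}

# Stricter variant ("strong access control"): the only new connections
# forwarded are from X clients on subnet 2 to an X server on subnet 1,
# i.e. TCP port 6000 + display number. Assumes the X server sits on net1.
# $1..$4 as above, $5 = display number (default 0)
x11_only_rules() {
    if1=$1; net1=$2; if2=$3; net2=$4; disp=${5:-0}
    port=$((6000 + disp))
    forward_preamble
    echo "iptables -A FORWARD -i $if2 -o $if1 -s $net2 -d $net1 -p tcp --dport $port -m state --state NEW -j ACCEPT"
}

# Usage (as root):  sh thisscript.sh print | sh
if [ "${1:-}" = "print" ]; then
    router_rules eth0 192.168.1.0/24 eth1 192.168.2.0/24
fi
```

Running the script with `print` shows the rule set; nothing is changed on the box until the output is piped into a root shell. The X11-only variant is the place to start if the two networks should not otherwise see each other: everything not explicitly accepted is dropped by the chain policy, and replies come back only through the ESTABLISHED,RELATED rule.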