[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: A better Linux based firewall installation?
- To: IGLU <linux-il(at-nospam)cs.huji.ac.il>
- Subject: RE: A better Linux based firewall installation?
- From: =?windows-1255?Q?=F4=E5=F4=E5=E1_=E9=E1=E2=F0=E9?= <epopov(at-nospam)MEKOROT.CO.IL>
- Date: Wed, 29 Nov 2000 14:18:09 +0200
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Seems you can transparently define your external router IP ( ISP router )
sitting on the other side of your bridge/firewall as default gateway for all
the protected machines. The bridge cares to provide you with ARP responce
for routers's MAC.
===========================================================
= Evgeny Popov ===================== epopov@mekorot.co.il =
= Water Management SCADA Centers Developer =
= NT & Unix System Administrator =
= ELECTRICAL & MECHANICAL SERVICES =
= SUBSIDIARY OF MEKOROT WATER CO.LTD =
> -----Original Message-----
> From: Alex Shnitman [SMTP:alexsh@hectic.net]
> Sent: ד 29 נובמבר 2000 13:44
> To: Linux-IL mailing list
> Subject: Re: A better Linux based firewall installation?
>
> Hi, Gilad!
>
> On Wed, Nov 29, 2000 at 12:50:32PM +0200, you wrote the following:
>
> > The second is to NOT configure your firewall as a router, but rather as
> > a layer 2 bridge with IP firwalling rules(*2) and not give it an IP at
> > all (bridges don't need to have an IP to function). Not having an IP
> > makes overtaking the machine, hm... difficult ;-)
>
> If the machine doesn't have an IP address, what default route do you
> set up on the other machines on the network so that they can go out?
>
>
> --
> Alex Shnitman | http://www.debian.org
> alexsh@hectic.net, alexsh@linux.org.il +-----------------------
> http://alexsh.hectic.net UIN 188956 PGP key on web page
> E1 F2 7B 6C A0 31 80 28 63 B8 02 BA 65 C7 8B BA
>
> I drive way too fast to worry about cholesterol.
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il