
Re: A better Linux based firewall installation?





Alex Shnitman wrote:

> Hi, Gilad!
> 
> On Wed, Nov 29, 2000 at 12:50:32PM +0200, you wrote the following:
> 
> 
>> The second is to NOT configure your firewall as a router, but rather as 
>> a layer 2 bridge with IP firewalling rules(*2) and not give it an IP at 
>> all (bridges don't need to have an IP to function). Not having an IP 
>> makes overtaking the machine, hm... difficult ;-)
> 
> 
> If the machine doesn't have an IP address, what default route do you
> set up on the other machines on the network so that they can go out?

The IP of your router. The hidden assumption here is that we are talking 
about the usual office LAN, connected via Frame Relay/ISDN/DSL/SIfranet 
or some such to a router on your premises (usually supplied by the ISP).

If you are trying to set up an El Cheapo PPP+dialup account+NAT sort 
of LAN you'll have to have a dedicated machine to do the PPP and NAT and 
basically be that router.



The setting I described doesn't save you from the need to have a router, 
it just puts the responsibility of peripheral protection (Firewalling) 
on something else, that is (almost) invisible from an IP network point of 
view.

-- 
Gilad Ben-Yossef <gilad@benyossef.com>
http://benyossef.com :: +972(54)756701
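
An added illustration of the address-less bridging firewall described in this message, written with current Linux tools (iproute2 and nftables) and not taken from the original post. The interface names eth0 (router side), eth1 (LAN side) and br0 are assumptions, and the sample `ip -o addr show` output is constructed. It also shows a check that the box really has no IP address left.

```shell
#!/bin/sh
# Added example. eth0 (router side), eth1 (LAN side) and br0 are assumed names.

# Build the bridge with no IP address anywhere (run as root on the firewall).
setup_bridge() {
    # Without this the kernel auto-assigns fe80:: link-local addresses.
    sysctl -q -w net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1
    ip link add name br0 type bridge
    for dev in eth0 eth1; do
        ip addr flush dev "$dev"
        ip link set dev "$dev" master br0
        ip link set dev "$dev" up
    done
    ip link set dev br0 up
    # IPv4-only policy: the LAN may open connections, the router side may only reply.
    # ct in the bridge family needs nf_conntrack_bridge (Linux 5.3 or later).
    nft -f - <<'EOF'
table bridge fw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ether type arp accept
        ct state established,related accept
        iifname "eth1" oifname "eth0" ct state new accept
    }
}
EOF
}

# Read `ip -o addr show` output on stdin and print "iface family address" for
# every non-loopback address. No output means nothing on the box answers to an IP.
list_addresses() {
    awk '$2 != "lo" && ($3 == "inet" || $3 == "inet6") { print $2, $3, $4 }'
}

# Constructed sample: a bridge built without the sysctl step above.
sample_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
4: br0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

sample_output | list_addresses   # flags the leftover link-local address on br0
```

On a live firewall, run `setup_bridge` as root and then `ip -o addr show | list_addresses`; the LAN hosts keep the router's IP as their default route, as the message says.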

