Transparent Firewalling

Howard Lowndes lannet at
Sun Jan 13 18:30:33 EST 2002

Simply, without any firewalling, etc. on a double homed box, eth0 and eth1

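# Enable routing between the two interfaces
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# One rule per direction; each rule's counters provide the accounting.
# -j ACCEPT is needed because a rule with no target only counts and the
# packet would then fall through to the DROP policy.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT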

To read the traffic:
iptables -L FORWARD -vnx
will give you the bytes and packets in each direction.

On Sun, 13 Jan 2002, Nathan Le Nevez wrote:

> Gurus,
> Does anyone out there have an in-depth knowledge of Proxy ARP? I have a
> Class C network with a gateway box (that we can't touch) and we want to
> implement some sort of IP Accounting. My idea was to stick a Linux box in
> between the gateway and the rest of the network and do some IPTables rules
> but as yet have had no luck. I need to be able to set this up without
> changing the configuration of any other machines.
> Any help/ideas would be greatly appreciated.
> Cheers,
> Nathan

LANNet Computing Associates - Your Linux people
Contact detail at
 "We are either doing something, or we are not.
 'Talking about' is a subset of 'not'."
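
Added example (not part of the original post): a shell function that turns the `iptables -L FORWARD -vnx` counters described above into one line per direction. The listing in sample_output is constructed, and the names forward_totals and sample_output are assumptions of this example; rules listed with an empty target column are handled as well.

```shell
#!/bin/sh
# Added example: summarise FORWARD chain counters per interface pair.

# forward_totals: reads `iptables -L FORWARD -vnx` text on stdin and prints
# "<in>-><out> <packets> <bytes>" for each interface pair, in listing order.
forward_totals() {
    awk '
        # Skip the "Chain ..." line, the column header and blank lines.
        $1 !~ /^[0-9]+$/ { next }
        {
            # A count-only rule has a blank target column, which shifts the
            # whitespace-split fields. Find the "opt" column ("--") and take
            # the interfaces relative to it.
            opt = 0
            for (i = 4; i <= 5 && i <= NF; i++)
                if ($i == "--") { opt = i; break }
            if (!opt) next
            key = $(opt + 1) "->" $(opt + 2)
            if (!(key in pkts)) order[++n] = key
            pkts[key]  += $1
            bytes[key] += $2
        }
        END {
            # %.0f keeps large byte counters from being printed in
            # exponent notation by some awk implementations.
            for (i = 1; i <= n; i++)
                printf "%s %.0f %.0f\n", order[i], pkts[order[i]], bytes[order[i]]
        }
    '
}

# Constructed sample listing (not captured from a real host). The second
# rule has no target, as in a pure accounting rule.
sample_output() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1520   983040 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
     980   120400            all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
EOF
}

sample_output | forward_totals
```

On the accounting box itself, feed it the live counters with `iptables -L FORWARD -vnx | forward_totals`.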
