Transparent Firewalling

Martijn van Oosterhout kleptog at svana.org
Sun Jan 13 19:20:37 EST 2002


On Sun, Jan 13, 2002 at 07:23:04PM +1100, andrew at bishop.dropbear.id.au wrote:
> On Sun, 13 Jan 2002, Howard Lowndes wrote:
> 
> > Simply, without any firewalling, etc. on a double homed box, eth0 and eth1
> >
> > echo 1 >/proc/sys/net/ipv4/ip_forward
> > iptables -P INPUT DROP
> > iptables -P OUTPUT DROP
> > iptables -P FORWARD DROP
> > iptables -A FORWARD -i eth0 -o eth1
> > iptables -A FORWARD -i eth1 -o eth0
> 
> That will route and account, sure, but it isn't transparent.

What I think you want is some kind of proxy arp. Look up the arp command
and/or the proxy_arp options in /proc/sys/net/ipv4/conf.

-- 
Martijn van Oosterhout <kleptog at svana.org>
http://svana.org/kleptog/
> Terrorists can only take my life. Only my government can take my freedom.
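
The proxy ARP suggestion in the reply above, sketched as an added example that is not part of the original thread. It assumes eth0 faces the upstream router, eth1 faces the protected hosts, both sides share one subnet, and the 192.0.2.x addresses are constructed; `proxy_arp_plan` is a hypothetical helper that only prints the commands.

```shell
#!/bin/sh
# Added example: proxy-ARP "transparent" firewall plan for a two-NIC Linux box.
# Assumptions (not from the thread): eth0 = router side, eth1 = protected side,
# one shared subnet, 192.0.2.x are constructed documentation addresses.

# Print the commands for review; pipe the output to "sh" as root to apply them.
# usage: proxy_arp_plan OUTSIDE_IF INSIDE_IF ROUTER_IP INSIDE_HOST_IP...
proxy_arp_plan() {
    outside=$1; inside=$2; router=$3; shift 3
    # Loose syntax checks so nothing odd ends up in the generated commands.
    for ifc in "$outside" "$inside"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    for ip in "$router" "$@"; do
        case $ip in
            ''|*[!0-9.]*|*..*|.*|*.) echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    [ $# -ge 1 ] || { echo "no inside hosts given" >&2; return 1; }

    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Answer ARP on each side for addresses that are routed out the other side.
    echo "echo 1 > /proc/sys/net/ipv4/conf/$outside/proxy_arp"
    echo "echo 1 > /proc/sys/net/ipv4/conf/$inside/proxy_arp"
    # Host routes tell the kernel which side each address lives on.
    echo "ip route add $router/32 dev $outside"
    for ip in "$@"; do
        echo "ip route add $ip/32 dev $inside"
    done
    # Default-deny forwarding, then allow only the traffic that should cross.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $inside -o $outside -j ACCEPT"
    echo "iptables -A FORWARD -i $outside -o $inside -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

proxy_arp_plan eth0 eth1 192.0.2.1 192.0.2.10 192.0.2.11
```

Unlike the accounting-only FORWARD rules quoted earlier, the rules here carry an explicit ACCEPT target, so the DROP policy does not discard the forwarded traffic.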



