alfred at mazuma.net.au
Sun Jan 13 20:05:49 EST 2002
You could implement an ethernet bridge :) This could do accounting (based on
MAC frames) and it would be transparent.
Proxy ARP simply passes ARP requests across interfaces, very handy at times.
All you need to do is echo "1" to
where interface is eth0,eth1,etc.
Add this to the iptables rules and packets should flow transparently.
----- Original Message -----
From: "Martijn van Oosterhout" <kleptog at svana.org>
To: <andrew at bishop.dropbear.id.au>
Cc: "Canberra Linux Users Group" <linux at samba.org>
Sent: Sunday, January 13, 2002 7:20 PM
Subject: Re: Transparent Firewalling
> On Sun, Jan 13, 2002 at 07:23:04PM +1100, andrew at bishop.dropbear.id.au
> > On Sun, 13 Jan 2002, Howard Lowndes wrote:
> > > Simply, without any firewalling, etc. on a double homed box, eth0 and
> > >
> > > echo 1 >/proc/sys/net/ipv4/ip_forward
> > > iptables -P INPUT DROP
> > > iptables -P OUTPUT DROP
> > > iptables -P FORWARD DROP
> > > iptables -A FORWARD -i eth0 -o eth1
> > > iptables -A FORWARD -i eth1 -o eth0
> > That will route and account, sure, but it isn't transparent.
> What I think you want is some kind of proxy arp. Look up the arp command
> and/or the proxy_arp options in /proc/sys/net/ipv4/conf.
> Martijn van Oosterhout <kleptog at svana.org>
> > Terrorists can only take my life. Only my government can take my
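An added example, not part of the original thread: a small audit function that reports, for a box set up as discussed above, whether IP forwarding is on and which interfaces will answer ARP on behalf of other hosts. It assumes the per-interface `proxy_arp` files under `/proc/sys/net/ipv4/conf` and the kernel's behaviour of OR-ing `conf/all/proxy_arp` with the per-interface value; the function names and the root-directory parameter are hypothetical.

```shell
#!/bin/sh
# Audit sketch (added example): report ip_forward and effective proxy ARP
# state per interface. The sysctl tree root is a parameter so the check can
# also be run against a saved copy of /proc/sys.

# read_flag FILE -> prints the file's value, or 0 if it cannot be read
read_flag() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# proxy_arp_report [ROOT] -> "ip_forward=<v>" followed by one line per
# interface of the form "<iface> proxy_arp=<0|1>"
proxy_arp_report() {
    root=${1:-/proc/sys}
    conf="$root/net/ipv4/conf"
    echo "ip_forward=$(read_flag "$root/net/ipv4/ip_forward")"
    all=$(read_flag "$conf/all/proxy_arp")
    for d in "$conf"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        # "all" and "default" are settings templates, not real interfaces
        case "$iface" in all|default) continue ;; esac
        own=$(read_flag "$d/proxy_arp")
        # Proxy ARP is effective when either conf/all or the interface sets it
        if [ "$all" = "1" ] || [ "$own" = "1" ]; then
            echo "$iface proxy_arp=1"
        else
            echo "$iface proxy_arp=0"
        fi
    done
}

# Report on the live system unless SYSCTL_ROOT points at a saved tree
proxy_arp_report "${SYSCTL_ROOT:-/proc/sys}"
```

An interface listed with `proxy_arp=1` that was not meant to bridge two segments is worth investigating, since it will claim other hosts' addresses at layer 2.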