Transparent Firewalling

Alfred alfred at mazuma.net.au
Sun Jan 13 20:05:49 EST 2002


You could implement an ethernet bridge :) This could do accounting (based on
MAC frames) and it would be transparent.

Proxy ARP simply passes ARP requests across interfaces, very handy at times
:)

All you need to do is echo "1" to
/proc/sys/net/ipv4/conf/<interface>/proxy_arp

where <interface> is eth0, eth1, etc.
Add this to the iptables rules and packets should flow transparently.


----- Original Message -----
From: "Martijn van Oosterhout" <kleptog at svana.org>
To: <andrew at bishop.dropbear.id.au>
Cc: "Canberra Linux Users Group" <linux at samba.org>
Sent: Sunday, January 13, 2002 7:20 PM
Subject: Re: Transparent Firewalling


> On Sun, Jan 13, 2002 at 07:23:04PM +1100, andrew at bishop.dropbear.id.au wrote:
> > On Sun, 13 Jan 2002, Howard Lowndes wrote:
> >
> > > Simply, without any firewalling, etc. on a double homed box, eth0 and eth1
> > >
> > > echo 1 >/proc/sys/net/ipv4/ip_forward
> > > iptables -P INPUT DROP
> > > iptables -P OUTPUT DROP
> > > iptables -P FORWARD DROP
> > > iptables -A FORWARD -i eth0 -o eth1
> > > iptables -A FORWARD -i eth1 -o eth0
> >
> > That will route and account, sure, but it isn't transparent.
>
> What I think you want is some kind of proxy arp. Look up the arp command
> and/or the proxy_arp options in /proc/sys/net/ipv4/conf.
>
> --
> Martijn van Oosterhout <kleptog at svana.org>
> http://svana.org/kleptog/
> > Terrorists can only take my life. Only my government can take my freedom.
>
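As an added example (not part of the thread), the proxy_arp and iptables steps above combined into one script for a dual-homed box; the interface names are arguments, and the default-DROP policies plus explicit `-j ACCEPT` targets with connection tracking are this example's choice, not something the thread spells out.

```shell
#!/bin/sh
# Added example, not from the thread: make a dual-homed Linux box a
# transparent (proxy-ARP) firewall between two interfaces. Interface
# names are arguments; "eth0"/"eth1" in the usage line are only assumptions.
# DRY_RUN=1 prints the commands instead of executing them (no root needed).
# Usage: DRY_RUN=1 sh transparent_fw.sh eth0 eth1

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Write a /proc/sys value (printed instead in dry-run mode)
write_sysctl() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf 'echo %s > %s\n' "$2" "$1"
    else printf '%s\n' "$2" > "$1"; fi
}

# Accept only plain interface names: anything else could turn the
# /proc/sys/net/ipv4/conf/<iface>/proxy_arp path into a different file.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = inside interface, $2 = outside interface
transparent_fw() {
    inside=$1; outside=$2
    valid_iface "$inside" && valid_iface "$outside" || return 1
    write_sysctl /proc/sys/net/ipv4/ip_forward 1
    # proxy_arp on both sides: the firewall answers ARP for hosts beyond
    # it, so both segments keep one subnet and nothing is readdressed.
    write_sysctl "/proc/sys/net/ipv4/conf/$inside/proxy_arp" 1
    write_sysctl "/proc/sys/net/ipv4/conf/$outside/proxy_arp" 1
    run iptables -F
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP
    # Explicit -j ACCEPT: a FORWARD rule with no target only counts matches.
    # New flows are allowed from inside only; replies pass in both directions.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$inside" -o "$outside" -m state --state NEW -j ACCEPT
    # Target-less rule: pure accounting of what arrives from outside
    run iptables -A FORWARD -i "$outside" -o "$inside"
}

if [ $# -eq 2 ]; then transparent_fw "$1" "$2"; fi
```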