Transparent Firewalling
Nathan Le Nevez
npl at acis.com.au
Mon Jan 14 09:12:04 EST 2002
Thanks Howard,
How about individual byte counters based on source IP? :-)
- Nathan
-----Original Message-----
From: Howard Lowndes [mailto:lannet at lannet.com.au]
Sent: Sunday, 13 January 2002 6:31 PM
To: Nathan Le Nevez
Cc: linux at samba.org
Subject: Re: Transparent Firewalling
Simply, without any firewalling, etc. on a double homed box, eth0 and eth1
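# enable routing between the two interfaces
echo 1 >/proc/sys/net/ipv4/ip_forward
# the box itself accepts and originates nothing
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# one rule per direction; each rule's counters record that direction's traffic.
# -j ACCEPT is required: a rule with no target only counts, and the packet
# would then fall through to the FORWARD DROP policy.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT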
To read the traffic:
iptables -L FORWARD -vnx
will give you the bytes and packets in each direction.
On Sun, 13 Jan 2002, Nathan Le Nevez wrote:
> Gurus,
>
> Does anyone out there have an in-depth knowledge of Proxy ARP? I have
> a Class C network with a gateway box (that we can't touch) and we want
> to implement some sort of IP Accounting. My idea was to stick a Linux
> box in between the gateway and the rest of the network and do some
> IPTables rules but as yet have had no luck. I need to be able to set
> this up without changing the configuration of any other machines.
>
> Any help/ideas would be greatly appreciated.
>
> Cheers,
>
> Nathan
>
>
--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"We are either doing something, or we are not.
'Talking about' is a subset of 'not'."
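
Added example, not part of either message: one way to get the per-source byte counters asked about at the top of the thread, by giving each LAN host its own FORWARD rule and summing the `iptables -L FORWARD -vnx` listing by source address. The 192.168.1 prefix, the choice of eth1 as the LAN side, the function names and the sample listing are all constructed, and the per-host rules are assumed to be loaded ahead of (or instead of) any catch-all ACCEPT rule for that direction.

```shell
#!/bin/sh
# Added example: per-source byte accounting on top of the FORWARD counters.
# Assumes one rule per LAN host was appended with "-s <host>"; the addresses
# and interface names below are constructed.

# Print (do not run) one counting rule per host of a /24, LAN side on $2.
gen_rules() {   # usage: gen_rules 192.168.1 eth1 eth0
    i=1
    while [ "$i" -le 254 ]; do
        echo "iptables -A FORWARD -i $2 -o $3 -s $1.$i -j ACCEPT"
        i=$((i + 1))
    done
}

# Read `iptables -L FORWARD -vnx` on stdin, print "source bytes" per host.
# The target column is blank for count-only rules, so fields are located
# relative to the "--" opt column instead of by fixed position.
bytes_by_source() {
    awk '
        /^Chain / || $1 == "pkts" { next }
        {
            for (i = 3; i <= NF; i++) if ($i == "--") break
            if (i + 3 > NF) next          # not a rule line
            src = $(i + 3)
            if (src == "0.0.0.0/0") next  # catch-all rule, no single source
            total[src] += $2
        }
        END { for (s in total) print s, total[s] }
    ' | sort
}

# Constructed sample listing (the second rule has no target).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      10     1500 ACCEPT     all  --  eth1   eth0    192.168.1.10         0.0.0.0/0
       4      600            all  --  eth1   eth0    192.168.1.11         0.0.0.0/0
       6      900 ACCEPT     all  --  eth1   eth0    192.168.1.10         0.0.0.0/0
     200   300000 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
EOF
}

sample_listing | bytes_by_source
```

On a live box the listing would come from `iptables -L FORWARD -vnx | bytes_by_source`, and `iptables -Z FORWARD` resets the counters between accounting periods.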