Transparent Firewalling

Nathan Le Nevez npl at
Mon Jan 14 09:12:04 EST 2002

Thanks Howards,

How about individual byte counters based on source IP? :-)

- Nathan

-----Original Message-----
From: Howard Lowndes [mailto:lannet at] 
Sent: Sunday, 13 January 2002 6:31 PM
To: Nathan Le Nevez
Cc: linux at
Subject: Re: Transparent Firewalling

Simply, without any firewalling, etc. on a double homed box, eth0 and

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1
iptables -A FORWARD -i eth1 -o eth0

To read the traffic:
iptables -L FORWARD -vnx
will give you the bytes and packets in each direction.

On Sun, 13 Jan 2002, Nathan Le Nevez wrote:

> Gurus,
> Does anyone out there have an in-depth knowledge of Proxy ARP? I have 
> a Class C network with a gateway box (that we cant touch) and we want 
> to implement some sort of IP Accounting. My idea was to stick a linux 
> box in between the gateway and the rest of the network and do some 
> IPTables rules but as yet have had no luck. I need to be able to set 
> this up without changing the configuration of any other machines.
> Any help/ideas would be greatly appreciated.
> Cheers,
> Nathan

LANNet Computing Associates - Your Linux people
Contact detail at
 "We are either doing something, or we are not.
 'Talking about' is a subset of 'not'."

More information about the linux mailing list