IPfilter on OpenBSD in bridged mode is a good option.
If you want to spend money the sunscreen or netscreen
are good (both can do true layer 2 bridging).
Going with a real packet filter is always a good idea!
acs
--- "Paul D. Robertson" <[EMAIL PROTECTED]> wrote:
> On Mon, 23 Apr 2001, JR Ponce de Leon wrote:
>
> > Hi everyone.
> >
> > Can somebody point me to a good documentation on
> how to setup a Cisco router
> > as a Bridge/Firewall?
>
> If you're just worried about being able to put your
> router inline, you
> should be able to use an IP unnumbered interface on
> the external side
> of your router and use "normal" extended access
> lists.
>
> > Our internet provider doesn't allow us to manage
> their router which are in
> > our office and we need to setup ACLs. We have
> another Cisco router and I was
> > planning to set it up as a kind of Bridge/Firewall
> between the LAN (Real
> > IPs) and the NET, but I had never dealed with such
> kind of config.
>
> Alternately, you might want to put some sort of *BSD
> box in the middle
> with IPFilter on it, which should packet filter just
> fine in bridge mode
> (I've never done it, but I've heard it's possible.)
>
> > Any suggestions will be very appreciated.
>
> Theoretically, doing IP unnumbered on the outside of
> your router, and
> using the same address or proxy ARPing on the inside
> should work. If
> you're not using routable address space, you can RFC
> 1918 the inside and
> subnet/NAT at will.
>
> If you can get the ISP to cooperate on re-addressing
> the internal
> interface on their router, things will be easier to
> understand/set up.
>
> Paul
>
-----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this
> message are personal opinions
> [EMAIL PROTECTED] which may have no basis
> whatsoever in fact."
>
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
