I have a few questions regarding this...

Now, if I have this figured correctly, the bridge is transparent to your ISP, so you would need another host behind the bridge to have an address, correct? The use I have in mind would be statically assigned.

Also, I would expect the bridge still to work without having an IP assigned to the bridge (if the only reason to have the IP is for management) if you connect via serial cable for management, right?

Finally, the firewalling aspect of the bridge only works in the FORWARD chain, right? DNAT and SNAT and all that won't work correctly, would it? All I want to do is have the bridge do some rough filtering for me, a lot of the background noise such as SQL sweeps and backdoor checking. Perhaps an IDS such as Snort, but I don't know yet.

Thanks,

Tony



Tom Eastep wrote:

On Mon, 15 Mar 2004 [EMAIL PROTECTED] wrote:



I see I misread the shorewall requirement line on that page.  What extra does
full bridge functionality give?

I don't completely understand how bridging works, just how I made it work with
shorewall and bering.  The bering user guide said that bridging and shorewall
don't work which is why I assumed that shorewall 2.0 had been the difference.




I make the statement that Shorewall doesn't work with bridging because prior to the availability of the experimental code, it was not possible to associate a Shorewall zone with a bridge port. Nevertheless, as you and others have discovered, it is possible to associate a zone with the bridge itself and using ip-address or MAC filtering, it is even possible to control traffic through the bridge.

The new bridge code which will be released in Shorewall 2.0.1 will allow
you to associate zones with bridge ports. That is made possible by the
fact that the physdev match capability is available as a standard part of
the 2.6 kernels (it is still an add-on under 2.4).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




