On Mon, 15 Mar 2004, Tony wrote: > Now, if I have this figured correctly, the bridge is transparent to your > ISP, so you would need another host behind the bridge to have an > address, correct? The use I have in mind would be statically assigned.
It could also be dynamically assigned. Although the usual application of a bridge/firewall would be BEHIND a local router. See http://www.shorewall.net/bridge.html. > Also, I would expect the bridge still to work without having an IP > assigned to the bridge (if the only reason to have the IP is for > management) if you connect via serial cable for management, right? Please follow the progress of testing of the bridging code on the Shorewall development list. It was recently reported that > > Finally, the firewalling aspect of the bridge only works in the FORWARD > chain, right? DNAT and SNAT and all that won't work correctly would > it? Well, DNAT and SNAT work but only within the confines of a bridge. Remember that a bridge has no (or a trivial) routing table. For example, I'm running Squid as a transparent proxy on my bridge. See http://shorewall.net/myfiles.htm. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html