[TriLUG] fIREWALL QUESTION

Jon Carnes jonc at nc.rr.com
Fri Jan 3 13:57:54 EST 2003


Sounds more like he wants to bridge two interfaces (I'm guessing via VPN
or direct telco connect) and then route/NAT all the other
addresses/Interfaces.

I know you can easily do this using two Linux servers.  It's going to be
challenging doing this on one.

BSD's firewall rules can be set up using MAC as well as interface or
source IP.  I'm sure Linux's kernel has that ability too - though you
might need to roll your own kernel to get the MAC stuff working.

Good Luck, and keep us in the loop.  I know that I'm interested in what
you find out.

Jon 

On Fri, 2003-01-03 at 12:03, Chris Knowles wrote:
> And if you're looking for a reportedly easy way to do it, Shorewall
> (www.shorewall.net) firewall can help you to do proxyarp.  
> 
> CJK
> 
> On Fri, 2003-01-03 at 11:33, Tanner Lovelace wrote:
> > On Fri, 2003-01-03 at 11:30, Jim Ray wrote:
> > > Please correct me if I'm wrong; however, methinks firewalls in general
> > > do not operate at the arp/mac level but rather ip and the next layer
> > > (tcp, udp).  All the arp/mac stuff takes place at a lower network layer
> > > and should not enter the firewall picture at all.
> > > 
> > > I've never seen any settings for arp/mac stuff in any firewall I've ever
> > > used.  Plenty of settings for ip and port stuff, though.
> > 
> > Actually, what I think he meant was, can a Linux box ask for and
> > receive packets for a particular mac address (presumably not its
> > own) and then once it has them, subject them to its firewall setup.
> > 
> > Ryan, I've never done it myself, but you might try looking for
> > something called proxyarp.  I think that will do what you want.
> > 
> > Good luck,
> > Tanner
> -- 
> ==
> Chris Knowles
> chrisk at trilug.org
> ==
> +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
> (Hogfather)