[ale] Firewall design
Bob Toxen
transam at verysecurelinux.com
Wed Jun 1 01:00:20 EDT 2005
On Tue, May 31, 2005 at 04:17:14PM -0400, Joe Steele wrote:
> On Tuesday, May 31, 2005, Christopher Fowler wrote:
> >
> > Is there a way I can plug a Linux box between E-Deltacomm and my Cisco
> > switch and have it do filtering but not have an IP address on either
> > eth0 or eth1? This could be an invisible inline firewall thingy :)
> What you describe is an ethernet bridging firewall.
> Take a look at http://ebtables.sourceforge.net/
There's really no need for that.
Just set up your Linux firewall with the "real" IP. Then set up its
inside network to be IP Masqueraded (NAT'ed). Then give your inside
systems 10.x.x.x or 192.168.x.x addresses and forward port 80, etc.
to them.
> --Joe
Bob
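
The setup described in the reply above, written out as an iptables-restore ruleset. This is an added example, not part of the original post: the function name gen_nat_ruleset, the interface roles (eth0 outside, eth1 inside), the sample addresses, the default-drop filter policy and the SSH rule are all assumptions.

```sh
#!/bin/sh
# Added example. Interface roles and all addresses are assumptions.
# Forwarding also requires: sysctl -w net.ipv4.ip_forward=1

# gen_nat_ruleset EXT_IF INT_IF INT_NET WEB_HOST
# Prints an iptables-restore ruleset; it does not touch the running firewall.
gen_nat_ruleset() {
    [ $# -eq 4 ] || { echo "usage: gen_nat_ruleset EXT_IF INT_IF INT_NET WEB_HOST" >&2; return 1; }
    ext_if=$1; int_if=$2; int_net=$3; web_host=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Forward port 80 arriving on the outside interface to the inside web server
-A PREROUTING -i ${ext_if} -p tcp --dport 80 -j DNAT --to-destination ${web_host}:80
# IP Masquerade the private inside network behind the firewall's "real" IP
-A POSTROUTING -s ${int_net} -o ${ext_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the firewall is administered over SSH from the inside network only
-A INPUT -i ${int_if} -s ${int_net} -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inside hosts may open connections outward
-A FORWARD -i ${int_if} -o ${ext_if} -s ${int_net} -j ACCEPT
# Only the forwarded service may be reached from outside
-A FORWARD -i ${ext_if} -o ${int_if} -p tcp -d ${web_host} --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 outside, eth1 inside, 192.168.1.0/24 LAN
# gen_nat_ruleset eth0 eth1 192.168.1.0/24 192.168.1.10 | iptables-restore --test
```

With the FORWARD policy set to DROP, a forwarded port needs both the DNAT rule and a matching FORWARD accept; the DNAT rule alone rewrites the destination but the packet is still dropped.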