I have set up the transparent (bridging) firewall in Linux before.
If you need help let me know and I'll check my notes.
The really cool thing is that you can also set up queueing and bandwidth 
shaping transparently.
There is a patch that hooks IP Tables/route back into the bridging code.
So, if you don't want any one computer hogging bandwidth it might be 
worthwhile.



Simeon Johnston wrote:

> Nathan Davis wrote:
>
>> After thinking about this for awhile, I was wondering if I really need to
>> use two *real* ip addresses on the firewall machine.  Or even if there's
>> a way to set up a default route to an interface with no ip address
>> assigned.  Another option might be to have the cisco (and possibly the
>> firewall too) obtain an ip address via dhcp (I don't know how the other
>> end might take this, though), or assign the interface connecting the
>> firewall to the Cisco a "fake" address.
>>
>
> If you want an interface w/ no IP I'd suggest getting the Linux 
> bridging stuff.
> The idea would be to have 3 NIC's actually.  One external (Router -> 
> FW NIC), One for internal NAT'd addresses (any traffic can be 
> forwarded through the firewall to internal hosts), the other would be 
> a bridged interface to a DMZ (allows you to filter ports but doesn't 
> need an IP).
>    There are other ways to set this up also but this is the only way I 
> can think of at the moment to get a firewall without using one of your 
> addresses.  Unless of course you just forward all your traffic through 
> the firewall.  If you want a dedicated address for a specific server 
> instead of all your DNS entries going to the firewall, the firewall 
> can be multi-homed (multiple addresses/NIC).
>
> I could probably think of a few more ways to get it done but couldn't 
> tell you the "best" way without a bit more info.
>
> sim
>
> _______________________________________________
> Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, 
> Minnesota
> http://www.mn-linux.org
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>