I was going to suggest the bridge method too as an innovative method of
firewalling without subnetting.
I have actually tried this and it works a treat - I applied the diffs to a
2.4.9 kernel and it worked, no problems. This is arguably more secure than
a conventional firewall as you don't need any IP addresses on the firewall
itself - even if you want an IP address on the firewall for management you
can just put one on the "inside" interface and keep things nice and secure....
I think you can also do NAT with the bridge firewall, and yes there is a point!
Graham.
At 18:28 27/11/2001, you wrote:
>NAT is probably the best way to set up the network if at all possible.
>You get the most security from doing it this way. However, if for some
>reason you can't (you have tons of machines pointed at the gateway and
>can't change them easily, etc.), you can put a bridge between the
>router and the rest of the network.
>
>http://bridge.sourceforge.net/
>
>This page has the source for bridging in a Linux 2.4 kernel (should
>already be in 2.4 kernels) and also firewalling from that bridge (which
>I don't believe is in the 2.4 kernel). I have not tried the 2.4 kernel
>(however I'm fixing to) with this patch, but I have been using it to
>easily firewall 2500 machines (Mac, Unix, Linux, Windows, etc.) that
>could not be easily reconfigured to point at a new gateway.
>
>I still believe NAT is your best solution and provides the most
>security, but it is not always feasible to re-point the clients to the
>new router. This should give you an alternative method.
>
>Robert
>