Mailinglist Archive: opensuse-security (332 mails)
Using 9.1 as Bridging Firewall
- From: Lucky Leavell <susesec@xxxxxxxxxxxxx>
- Date: Fri, 10 Sep 2004 10:33:25 -0400 (EDT)
- Message-id: <Pine.LNX.4.58.0409101020130.22101@xxxxxxxxxxxxxxxxxxxx>
OS: SuSE 9.1 with latest patches
I found the thread on using SuSE as a bridging firewall earlier this year
but seem to be stuck.
Topology: Internet Side: xxx.xxx.xxx.1 (Default Gateway)
(Cisco router)
Bridge: Defined bridge xxx.xxx.xxx.10 adding eth0 (connected to .1)
and eth1 (LAN side). Default route defined as xxx.xxx.xxx.1
LAN Side: Test system xxx.xxx.xxx.29
I can ping .1, .10 and .29 from the bridge system and even surf the
internet, etc. I can ping the bridge (.10) from the LAN side (.29) but
cannot ping the gateway (.1). At this point there are no iptables rules in
effect (iptables -L shows nothing) and SuSEfirewall2 is disabled.
I have downloaded shorewall 2.0.8 and bridge-utils (from SuSE 9.1 CDs)
but seem to be missing something here.
Goal: Use the bridging firewall between a Cisco router and the rest of our
networks to detect/defeat syn flood and smurf attacks. Cisco wants $US
2K/router for the enterprise version of their software to do this (times 4
routers!) which is a major outlay for a small ISP, hence urgency of
getting this to work. (I have a bottom of the line MultiTech RF550VPN on
one of the LAN side systems and even it has no problem stopping these
attacks on the one system - we just need to duplicate this protection on
several subnets.)
Thank you,
Lucky Leavell
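An added example, not part of the original post: the bridge setup described above as a shell script, plus the kind of defensive netfilter rules the stated goal (SYN flood and smurf protection on a bridge) calls for. It assumes bridge-utils' brctl, iproute2, a 2.6 kernel with bridge-nf, and iptables with the physdev and limit matches; the xxx.xxx.xxx prefix, the br0 name and the rate limits are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Builds the bridge from the
# post (br0 = eth0 + eth1, address .10, default gateway .1) and adds rules
# against SYN floods and smurf (ICMP echo to broadcast) coming from eth0.
# Assumptions: brctl, ip, a 2.6 kernel with bridge-nf, iptables physdev/limit.
NET=${NET:-xxx.xxx.xxx}          # placeholder prefix, as in the post
BRIDGE=br0                       # assumed bridge name
DRY_RUN=${DRY_RUN:-0}            # DRY_RUN=1 prints commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_bridge() {
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" eth0            # eth0 faces the Cisco router (.1)
    run brctl addif "$BRIDGE" eth1            # eth1 faces the LAN (.29 etc.)
    run brctl stp "$BRIDGE" off               # single bridge, no loops to break
    run ip link set eth0 up                   # bridge ports carry no address
    run ip link set eth1 up
    run ip addr add "$NET.10/24" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
    run ip route add default via "$NET.1"
    # bridged frames only pass through iptables when bridge-nf is switched on
    run sh -c "echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables"
}

flood_rules() {
    # SYN flood: bounded rate of new connections toward the LAN; log and drop the excess
    run iptables -A FORWARD -m physdev --physdev-in eth0 -p tcp --syn \
        -m limit --limit 25/s --limit-burst 50 -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in eth0 -p tcp --syn \
        -m limit --limit 1/s -j LOG --log-prefix "SYNFLOOD: "
    run iptables -A FORWARD -m physdev --physdev-in eth0 -p tcp --syn -j DROP
    # smurf: echo requests to the LAN broadcast address are never forwarded,
    # and unicast echo requests from outside are rate limited
    run iptables -A FORWARD -m physdev --physdev-in eth0 -p icmp --icmp-type echo-request \
        -d "$NET.255" -j DROP
    run iptables -A FORWARD -m physdev --physdev-in eth0 -p icmp --icmp-type echo-request \
        -m limit --limit 5/s -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in eth0 -p icmp --icmp-type echo-request -j DROP
}
```

Run it with DRY_RUN=1 first to review the exact commands before applying them as root; the script defines functions only, so call setup_bridge and flood_rules explicitly.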