On Fri, 10 Sep 2004 suse@rio.vg wrote:
Quoting Lucky Leavell
OS: SuSE 9.1 with latest patches
I found the thread on using SuSE as a bridging firewall earlier this year but seem to be stuck.
Topology: Internet Side: xxx.xxx.xxx.1 (Default Gateway) (Cisco router)
Bridge: Defined bridge xxx.xxx.xxx.10 adding eth0 (connected to .1) and eth1 (LAN side). Default route defined as xxx.xxx.xxx.1
LAN Side: Test system xxx.xxx.xxx.29
I can ping .1, .10 and .29 from the bridge system and even surf the internet, etc. I can ping the bridge (.10) from the LAN side (.29) but cannot ping the gateway (.1). At this point there are no iptables rules in effect (iptables -L shows nothing) and SuSEfirewall2 is disabled.
Out of curiosity, why don't you make the "Bridge" system into a real Linux firewall? You can have the Linux box provide DHCP for a 192.168.x.x block (or a 10.x.x.x if you prefer) and stop virtually all attacks, rather than just SYN and smurf...
That was my intention. First, I want to get the non-trivial bridging part to work before complicating things with the firewall part.
One caveat: The LAN side IP addresses are not "private"; they have public IP addresses which must be accessible from the outside.
Caveat #2: The gateway (router), bridge and LAN side are all on the same (public) subnet.
Thank you,
Lucky Leavell