Hi Michael,

What you want can be done with the bridging code. I've done that several times using kernel 2.2.16 and bridging patches which are published on http://www.math.leidenuniv.nl/~buytenh/bridge/. There you will also find how to do it. In usr/share/doc/howto/minihowto you can find a minihowto about bridging.

Advantage of this kind of bridging: you only need one IP address and there is no routing.

Disadvantage: you lose certain ipchains functionality, such as defining policies. Please read more on the bridging homepage.

We've done penetration testing against the bridge. It was ok.

hth
Philipp

Hi all!
I want to protect our network with a firewall that should run on a SuSE machine (kernel 2.2 stable).
There is a router that provides a permanent DSL connection to the net. Normally this router is the gateway for all machines on the local net - but now I want to put a firewall in between.
The network has official ip addresses and all machines shall use these, which means that I do not want to have masquerading.
So I have put the firewall machine between router and local net. I have switched on ip_forwarding and - for testing - have set up all ipchains to ACCEPT. Now it should route/forward everything, yes? But it doesn't. I can ping the firewall machine both from outside and from inside. But I cannot reach another host in the network from outside (and the other way around).
When I try to ping a host in the network from outside I get an answer from my DSL router that this host is not reachable. Maybe the problem is here, I don't know... Do you have an idea? Thanx a lot!
Michael