[Gllug] Firewalls

Tethys tet at accucard.com
Tue Feb 18 14:06:23 UTC 2003


Matthew Thompson writes:

>I need a firewall - ideally to run on an old box - to protect me from 
>the scourges of the Internet. Trouble is I have a fully routed 
>connection and most of the one floppy LEAF distributions only have 
>documentation for NAT based setups or you need to assign all the IP 
>addresses to the firewall.

Just run a transparent bridging firewall. There's a tutorial on how
to do this with OpenBSD here:

	http://www.daemonnews.org/200103/ipf_bridge.html

It's probably fairly simple to do the same with Linux, but OpenBSD's
always been fine for all my firewalling needs, so I've never really
looked into what Linux can do in that area.

>I can't run like this as I need to access 2 different VPNs - one of 
>which won't work through NAT.

Just curious... what does it do that doesn't work with NAT? Are you
sure it doesn't work with NAT, or does it just not work with Cisco
NAT? Rather than doing true packet rewriting, Cisco routers have a
habit of just encapsulating the original packet, which means the
destination machine can see that it's been NATed. If the packet's
being properly rewritten, the app doesn't know unless the application
level protocol embeds IP addressing information as well (which is
pretty rare).

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
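The distinction Tet draws above (a NAT that properly rewrites the IP header is invisible to an application unless the application-layer protocol itself carries addressing information, or an integrity check covers the header) can be modelled in a few lines. The following is an added illustration, not code from the original post or from any of the software mentioned: it simulates a NAT gateway that rewrites only the header source address, then runs three receivers over the result. The addresses, the pre-shared key, the payloads and the "AH-style" HMAC over source/destination addresses are all constructed for the example; the third case mirrors what IPsec AH does when its ICV covers the IP addresses, which is the classic reason a VPN refuses to work through NAT.

```python
"""Model of what a header-rewriting NAT does to a packet and which
receiver-side checks notice it. Illustrative code, not from the post."""
import hashlib
import hmac
import socket

# Constructed sample addresses and key for the example.
PRIVATE_SRC = "192.168.1.10"   # host behind the NAT
NAT_PUBLIC = "203.0.113.5"     # NAT gateway's outside address
REMOTE_DST = "198.51.100.20"   # VPN peer on the Internet
SHARED_KEY = b"example-key"    # pre-shared key for the AH-style check


def nat_rewrite(header):
    """A NAT doing true packet rewriting: only the header source changes,
    the payload is left untouched."""
    return {"src": NAT_PUBLIC, "dst": header["dst"]}


def plain_app_check(header, payload):
    """An application whose protocol carries no addresses cannot tell
    whether the packet was NATed; it just sees the payload."""
    return payload == b"hello"


def embedded_payload(src_ip, data):
    """A protocol that embeds the sender's IP in the payload
    (the way FTP's PORT command does)."""
    return socket.inet_aton(src_ip) + data


def embedded_mismatch(header, payload):
    """True when the embedded address disagrees with the header source,
    i.e. the receiver can see that NAT happened."""
    return socket.inet_ntoa(payload[:4]) != header["src"]


def ah_icv(key, header, payload):
    """Integrity value over the IP source/destination addresses plus the
    payload, mimicking IPsec AH covering the immutable header fields."""
    msg = (socket.inet_aton(header["src"])
           + socket.inet_aton(header["dst"])
           + payload)
    return hmac.new(key, msg, hashlib.sha256).digest()


def ah_verify(key, header, payload, icv):
    """Recompute the ICV over the header as received and compare."""
    return hmac.compare_digest(ah_icv(key, header, payload), icv)


def run():
    """Send one packet of each kind through the NAT; report what each
    receiver concludes."""
    original = {"src": PRIVATE_SRC, "dst": REMOTE_DST}
    after_nat = nat_rewrite(original)

    # 1. Plain payload: the application accepts it, NAT is invisible.
    plain_ok = plain_app_check(after_nat, b"hello")

    # 2. Address in the payload: header rewritten, payload not, so the
    #    two disagree and the receiver notices.
    emb = embedded_payload(PRIVATE_SRC, b"hello")
    emb_detected = embedded_mismatch(after_nat, emb)

    # 3. AH-style ICV computed by the sender over the pre-NAT header:
    #    verifies on a direct path, fails once the source was rewritten.
    icv = ah_icv(SHARED_KEY, original, b"hello")
    ah_direct = ah_verify(SHARED_KEY, original, b"hello", icv)
    ah_natted = ah_verify(SHARED_KEY, after_nat, b"hello", icv)

    return {
        "plain_accepted": plain_ok,
        "embedded_mismatch": emb_detected,
        "ah_ok_without_nat": ah_direct,
        "ah_ok_through_nat": ah_natted,
    }


if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value}")
```

Running it shows the first receiver accepting the NATed packet, the second detecting the rewrite from the embedded address, and the AH-style check passing only on the direct path. In practice, the usual question to ask of a VPN that "won't work through NAT" is which of the last two cases it is in.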



