[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Using 9.1 as Bridgin Firewall

Quoting Lucky Leavell <susesec@xxxxxxxxxxxxx>:
> OS: SuSE 9.1 with latest patches
> I found the thread on using SuSE as a bridging firewall earlier this year
> but seem to be stuck.
> Topology: 	Internet Side:	xxx.xxx.xxx.1	(Default Gateway)
> 		(Cisco router)
> Bridge:		Defined bridge xxx.xxx.xxx.10 adding eth0 (connected to .1)
> 		and eth1 (LAN side). Default route defined as xxx.xxx.xxx.1
> LAN Side:	Test system xxx.xxx.xxx.29
> I can ping .1, .10 and .29 from the bridge system and even surf the
> internet, etc. I can ping the bridge (.10) from the LAN side (.29) but
> cannot ping the gateway (.1). At this point there are no iptables rules in
> effect (iptables -L shows nothing) and SuSEfirewall2 is disabled.

Out of curiosity, why don't you make the "Bridge" system into a real linux
firewall?  You can have the linux box provide DHCP for a 192.168.x.x block (or
a 10.x.x.x if you prefer) and stop virtually all attacks, rather than just syn
and smurf...

It's been years since I've seen anyone try to "bridge" two networks without real
routing.  SuSEfirewall2 has all you need for setting up the firewall and

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here