Re: [suse-security] Using 9.1 as Bridging Firewall
On Fri, 10 Sep 2004 suse@xxxxxx wrote:
> Quoting Lucky Leavell <susesec@xxxxxxxxxxxxx>:
> > OS: SuSE 9.1 with latest patches
> > I found the thread on using SuSE as a bridging firewall earlier this year
> > but seem to be stuck.
> > Topology: Internet Side: xxx.xxx.xxx.1 (Default Gateway)
> > (Cisco router)
> > Bridge: Defined bridge xxx.xxx.xxx.10 adding eth0 (connected to .1)
> > and eth1 (LAN side). Default route defined as xxx.xxx.xxx.1
> > LAN Side: Test system xxx.xxx.xxx.29
> > I can ping .1, .10 and .29 from the bridge system and even surf the
> > internet, etc. I can ping the bridge (.10) from the LAN side (.29) but
> > cannot ping the gateway (.1). At this point there are no iptables rules in
> > effect (iptables -L shows nothing) and SuSEfirewall2 is disabled.
> Out of curiosity, why don't you make the "Bridge" system into a real Linux
> firewall? You can have the Linux box provide DHCP for a 192.168.x.x block (or
> a 10.x.x.x if you prefer) and stop virtually all attacks, rather than just SYN
> and smurf...
That was my intention. First, I want to get the non-trivial bridging part
to work before complicating things with the firewall part.
One caveat: The LAN side IP addresses are not "private"; they have public
IP addresses which must be accessible from the outside.
Caveat #2: The gateway (router), bridge and LAN side are all on the same