
Re: [suse-security] Using 9.1 as Bridging Firewall



On Fri, 10 Sep 2004 suse@xxxxxx wrote:

> Quoting Lucky Leavell <susesec@xxxxxxxxxxxxx>:
> >
> > OS: SuSE 9.1 with latest patches
> >
> > I found the thread on using SuSE as a bridging firewall earlier this year
> > but seem to be stuck.
> >
> > Topology:   Internet Side:  xxx.xxx.xxx.1   (Default Gateway)
> >                             (Cisco router)
> >
> > Bridge:     Defined bridge xxx.xxx.xxx.10 adding eth0 (connected to .1)
> >             and eth1 (LAN side). Default route defined as xxx.xxx.xxx.1
> >
> > LAN Side:   Test system xxx.xxx.xxx.29
> >
> > I can ping .1, .10 and .29 from the bridge system and even surf the
> > internet, etc. I can ping the bridge (.10) from the LAN side (.29) but
> > cannot ping the gateway (.1). At this point there are no iptables rules in
> > effect (iptables -L shows nothing) and SuSEfirewall2 is disabled.
> >
> 
> Out of curiosity, why don't you make the "Bridge" system into a real linux
> firewall?  You can have the linux box provide DHCP for a 192.168.x.x block (or
> a 10.x.x.x if you prefer) and stop virtually all attacks, rather than just syn
> and smurf...
>
That was my intention.  First, I want to get the non-trivial bridging part
to work before complicating things with the firewall part.

One caveat: The LAN side IP addresses are not "private"; they have public
IP addresses which must be accessible from the outside.

Caveat #2: The gateway (router), bridge and LAN side are all on the same
(public) subnet.

Thank you,
Lucky Leavell

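As an added example (not from this thread or from SuSE), the following script brings up a transparent two-port bridge matching the topology above, with the address only on the bridge device and a status check for the port forwarding state and bridge-netfilter; it assumes brctl/iproute2, the interface names eth0/eth1 and br0, and uses constructed placeholder addresses in place of the xxx.xxx.xxx ones.

```shell
#!/bin/sh
# Transparent bridge setup for the thread's topology: router (.1) on eth0,
# LAN hosts (.29) on eth1, bridge management address .10 on br0.
# Addresses below are constructed placeholders; DRY_RUN=1 prints the commands.

BR=${BR:-br0}
WAN_IF=${WAN_IF:-eth0}                 # port facing the router (.1)
LAN_IF=${LAN_IF:-eth1}                 # port facing the LAN hosts (.29)
BR_ADDR=${BR_ADDR:-192.0.2.10/24}      # the bridge's own (management) address
GATEWAY=${GATEWAY:-192.0.2.1}          # default gateway, the Cisco router

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

bridge_up() {
  # Member ports carry no address: the bridge device is the only L3 identity,
  # so LAN hosts keep their public addresses and nothing is NATed.
  run ip addr flush dev "$WAN_IF"
  run ip addr flush dev "$LAN_IF"
  run brctl addbr "$BR"
  run brctl addif "$BR" "$WAN_IF"
  run brctl addif "$BR" "$LAN_IF"
  # Two ports, no loop: skip STP so ports go straight to forwarding
  run brctl stp "$BR" off
  run brctl setfd "$BR" 0
  run ip link set "$WAN_IF" up
  run ip link set "$LAN_IF" up
  run ip link set "$BR" up
  run ip addr add "$BR_ADDR" dev "$BR"
  run ip route add default via "$GATEWAY" dev "$BR"
}

# Status: port state (3 = forwarding) and whether netfilter sees bridged
# frames, which matters once iptables rules are put on the bridge.
# The sysfs path is an assumption about the running kernel; missing = skipped.
bridge_status() {
  for p in "$WAN_IF" "$LAN_IF"; do
    s=/sys/class/net/$BR/brif/$p/state
    [ -r "$s" ] && printf '%s state=%s\n' "$p" "$(cat "$s")"
  done
  f=/proc/sys/net/bridge/bridge-nf-call-iptables
  [ -r "$f" ] && printf 'bridge-nf-call-iptables=%s\n' "$(cat "$f")"
  return 0
}

case "${1:-}" in
  up)     bridge_up ;;
  status) bridge_status ;;
esac
```

Run as root with `up` to build the bridge and `status` to confirm both ports are forwarding; with `DRY_RUN=1` the command sequence is printed instead of executed.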