[ale] Firewall design

Bob Toxen transam at verysecurelinux.com
Wed Jun 1 01:00:20 EDT 2005


On Tue, May 31, 2005 at 04:17:14PM -0400, Joe Steele wrote:
> On Tuesday, May 31, 2005, Christopher Fowler wrote:
> >
> > Is there a way I can plug a Linux box between E-Deltacomm and my Cisco
> > switch and have it do filtering but not have an IP address on either
> > eth0 or eth1.  This could be an invisible inline firewall thingy :)

> What you describe is an ethernet bridging firewall.  
> Take a look at http://ebtables.sourceforge.net/

There's really no need for that.

Just set up your Linux firewall with the "real" IP.  Then set up its
inside network to be IP Masqueraded (NAT'ed).  Then give your inside
systems 10.x.x.x or 192.168.x.x addresses and forward port 80, etc.
to them.

> --Joe
Bob
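
The masquerade-plus-port-forward setup described in the message above, as an added example that is not part of the original post or written by its author. The interface names, the inside network, the web host address and the default-drop filter policy are assumptions chosen for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a NAT firewall: the firewall holds the
# "real" IP on its outside interface, masquerades the inside network, and
# forwards TCP port 80 to a single inside host.
# All interface names and addresses used here are constructed placeholders.

# nat_ruleset WAN_IF LAN_IF LAN_NET WEB_HOST
nat_ruleset() {
    wan_if=$1; lan_if=$2; lan_net=$3; web_host=$4
    # Only accept an inside host in the 10.x.x.x or 192.168.x.x ranges
    # named in the message; anything else is treated as a typo.
    case $web_host in
        10.*.*.*|192.168.*.*) ;;
        *) echo "web host $web_host is not an inside address" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $wan_if -p tcp --dport 80 -j DNAT --to-destination $web_host:80
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $web_host --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print a sample ruleset (constructed values) when the script is run.
nat_ruleset eth0 eth1 192.168.1.0/24 192.168.1.10
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. The INPUT chain here admits no new connections to the firewall itself, so a management rule has to be added before loading it on a remotely administered box.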


