[PLUG] netfilter transparent mode (like SonicWall)
Paul Heinlein
heinlein at madboa.com
Fri Jun 6 17:56:35 UTC 2008
On Fri, 6 Jun 2008, Tim wrote:
>> So anyone have suggestions as to where (specifically) to look for
>> methods of emulating a SonicWall with netfilter/iptables?
>
> Assuming I understand what you're asking, I'd say iptables does this
> by "default" in a sense. In order to implement NAT or NAPT, one
> needs to use the nat table in iptables. If you don't use this, then
> your firewall will just act as a normal filtering router. You just
> need to set up your filter table rules in line with what your
> routes/subnets are and what ports you want open.
>
> If you're actually talking about a bridging-mode firewall, netfilter
> can do that too with ebtables, though I'm not sure if ebtables is
> production-ready for what you're trying to do. I've used it to
> transparently filter access to VMs at the VM host level, but not for
> full networks.
You might try reading "Bridgewalling - Using Netfilter in Bridge
Mode":
http://www.spenneberg.com/talks/linux-kongress2002/ralf-spenneberg.bridgewall.pdf
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
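As an added illustration of the filter-only configuration Tim describes (not code from either poster, and not from the Bridgewalling paper), the script below emits an iptables-restore(8) ruleset for a router between an assumed outside interface eth0 and inside interface eth1, with the inside subnet and permitted ports chosen as placeholders. Because no `*nat` section is present, packets keep their original source and destination addresses and the box behaves as a plain filtering router; the `has_nat` check asserts that property before the rules are loaded.

```bash
#!/bin/sh
# Added example: filter-table-only iptables ruleset (no NAT) for a
# two-interface filtering router. Interface names, subnet and port list
# are constructed for illustration; override them via the environment.
OUTSIDE_IF="${OUTSIDE_IF:-eth0}"
INSIDE_IF="${INSIDE_IF:-eth1}"
INSIDE_NET="${INSIDE_NET:-192.0.2.0/24}"      # constructed (RFC 5737 range)
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 443}" # inbound services to allow

# Emit the ruleset in iptables-restore format. Only *filter is populated,
# so no address rewriting happens anywhere in the path.
ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INSIDE_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $INSIDE_IF -o $OUTSIDE_IF -s $INSIDE_NET -j ACCEPT
EOF
  # One explicit allow per published inside service; everything else
  # arriving from outside falls through to the logged default DROP.
  for p in $ALLOWED_TCP_PORTS; do
    echo "-A FORWARD -i $OUTSIDE_IF -o $INSIDE_IF -d $INSIDE_NET -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "-A FORWARD -j LOG --log-prefix \"FWD-DROP: \""
  echo "COMMIT"
}

# A filtering router must carry no nat table at all; returns 0 if one exists.
has_nat() { ruleset | grep -q '^\*nat'; }

# Number of inbound (outside -> inside) TCP services opened by the ruleset.
opened_ports() { ruleset | grep -c -- "-i $OUTSIDE_IF -o $INSIDE_IF"; }

# Without arguments the rules are printed for review; with --load they are
# applied. Forwarding must also be enabled: sysctl -w net.ipv4.ip_forward=1
if [ "${1:-}" = "--load" ]; then
  has_nat && { echo "refusing to load: nat table present" >&2; exit 1; }
  ruleset | iptables-restore
else
  ruleset
fi
```

The same filter table applies unchanged when the two interfaces are enslaved to a Linux bridge with bridge-netfilter enabled, which is the bridging case Tim and the Bridgewalling paper discuss; only the `-i`/`-o` interface names change.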