[PLUG] netfilter transparent mode (like SonicWall)
Roderick A. Anderson
raanders at acm.org
Fri Jun 6 19:56:47 UTC 2008
Paul Heinlein wrote:
> On Fri, 6 Jun 2008, Tim wrote:
>
>>> So anyone have suggestions as to where (specifically) to look for
>>> methods of emulating a SonicWall with netfilter/iptables?
>> Assuming I understand what you're asking, I'd say iptables does this
>> by "default" in a sense. In order to implement NAT or NAPT, one
>> needs to use the nat table in iptables. If you don't use this, then
>> your firewall will just act as a normal filtering router. You just
>> need to set up your filter table rules in line with what your
>> routes/subnets are and what ports you want open.
>>
>> If you're actually talking about a bridging-mode firewall, netfilter
>> can do that too with ebtables, though I'm not sure if ebtables is
>> production-ready for what you're trying to do. I've used it to
>> transparently filter access to VMs at the VM host level, but not for
>> full networks.
>
> You might try reading "Bridgewalling - Using Netfilter in Bridge
> Mode":
>
> http://www.spenneberg.com/talks/linux-kongress2002/ralf-spenneberg.bridgewall.pdf

Thanks Paul. This looks to be what I am looking for. Printing it right
now so I can give it a careful read.

Rod