[PLUG] netfilter transparent mode (like SonicWall)

Roderick A. Anderson raanders at acm.org
Fri Jun 6 20:00:42 UTC 2008


Tim wrote:
>> So anyone have suggestions as to where (specifically) to look for 
>> methods of emulating a SonicWall with netfilter/iptables?
> 
> Assuming I understand what you're asking, I'd say iptables does this by
> "default" in a sense.  In order to implement NAT or NAPT, one needs to
> use the nat table in iptables.  If you don't use this, then your
> firewall will just act as a normal filtering router.  You just need to
> set up your filter table rules in line with what your routes/subnets are
> and what ports you want open.
> 
> If you're actually talking about a bridging-mode firewall, netfilter can
> do that too with ebtables, though I'm not sure if ebtables is
> production-ready for what you're trying to do.  I've used it to
> transparently filter access to VMs at the VM host level, but not for
> full networks.

Yes thanks for the pointers.  Between this and Paul's post I should be 
able to find what I need.

> As for documentation, there's obviously plenty of iptables/ebtables
> tutorials out there, all with their own approach.  If you'd like to see the
> way I approach iptables rulesets, come to the next advanced topics talk
> since I'll be covering a bit of that in relation to IPv6 (but largely
> applies to IPv4 as well).

Thanks for the offer.  I'll try to schedule a visit to Portland when 
there is an advanced topics meeting. (Yup!  I'm in North Idaho.)


Rod
-- 
> 
> good luck,
> tim
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

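The bridging-mode firewall discussed in the quoted reply, as an added example that is not part of the original thread or anyone's posted configuration. It builds a two-port Linux bridge and filters the bridged IP traffic with iptables via br_netfilter (physdev matches), which is how the "transparent, no NAT, no addresses on the filtering box" behaviour is usually done at the IP layer; ebtables, which the reply mentions, works on the frame level and is not needed for this part. Interface names (eth0/eth1/br0), the LAN subnet 192.0.2.0/24 and the exposed ports 22 and 443 are assumptions. The script prints the commands by default so the ruleset can be reviewed; `--apply` runs them (root required).

```shell
#!/bin/sh
# Added example (not from the original thread): a two-port transparent
# bridge firewall. Interface names, subnet and ports are assumptions.
WAN_IF="${WAN_IF:-eth0}"            # assumption: upstream side
LAN_IF="${LAN_IF:-eth1}"            # assumption: protected side
BR_IF="${BR_IF:-br0}"               # the bridge itself carries no IP
LAN_NET="${LAN_NET:-192.0.2.0/24}"  # assumption: RFC 5737 test range
ALLOW_TCP="${ALLOW_TCP:-22 443}"    # assumption: inbound services to expose

# Bridge the two ports and hand bridged IP frames to iptables.
# Without bridge-nf-call-iptables=1 the FORWARD chain never sees them.
bridge_cmds() {
  cat <<EOF
modprobe br_netfilter
ip link add name $BR_IF type bridge
ip link set $WAN_IF master $BR_IF
ip link set $LAN_IF master $BR_IF
ip link set $WAN_IF up
ip link set $LAN_IF up
ip link set $BR_IF up
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
EOF
}

# Filter table only: no nat table is touched, so addresses pass through
# unchanged, which is the transparent/bridging behaviour asked about.
filter_cmds() {
  printf 'iptables -F FORWARD\n'
  printf 'iptables -P FORWARD DROP\n'
  printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
  printf 'iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP\n'
  # Anti-spoofing: only LAN_NET sources may enter on the LAN port.
  printf 'iptables -A FORWARD -m physdev --physdev-in %s ! -s %s -j DROP\n' \
    "$LAN_IF" "$LAN_NET"
  # LAN -> WAN: anything new is allowed, replies return via ESTABLISHED.
  printf 'iptables -A FORWARD -m physdev --physdev-in %s --physdev-out %s -j ACCEPT\n' \
    "$LAN_IF" "$WAN_IF"
  # WAN -> LAN: only the listed TCP services may open new connections.
  for p in $ALLOW_TCP; do
    printf 'iptables -A FORWARD -m physdev --physdev-in %s --physdev-out %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
      "$WAN_IF" "$LAN_IF" "$p"
  done
  # Log what the default DROP policy is about to eat, for detection.
  printf 'iptables -A FORWARD -m physdev --physdev-in %s --physdev-out %s -j LOG --log-prefix "bridge-drop: "\n' \
    "$WAN_IF" "$LAN_IF"
}

# Sanity check for an operator: how many ACCEPT rules did we generate?
accept_rule_count() { filter_cmds | grep -c -- '-j ACCEPT'; }

if [ "${1:-}" = "--apply" ]; then
  { bridge_cmds; filter_cmds; } | sh -e
else
  bridge_cmds
  filter_cmds
fi
```

Two things worth checking before trusting such a box: keep the bridge itself address-less and manage the host over a third interface, otherwise the "transparent" firewall is itself a reachable target on the protected segment; and confirm with `iptables -vL FORWARD` that counters move for bridged traffic, which proves br_netfilter is actually loaded and the sysctl took effect.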