
Re: Transparent bridge firewall with bridge-nf



On Wed, 29 Oct 2003, Benjamin Goedeke wrote:
> http://bridge.sf.net to replace the firewall once the transition to

Our bridge/fw was running for 160 days with code from there. Now I have
installed a new kernel (2.4.22) with the current ebtables code
(ebtables.sf.net), which can do even more, although I don't need it. But
ebtables is the code in 2.6 and is actively maintained, while the
bridge.sf.net code is not maintained anymore.

Go for it. It is easy, one patch. And then you can do ALL (contrary to
the opinion of another reply) that you can do with iptables on the forward
table. Very nice and easy. (There were restrictions in the code for
Linux 2.2, but in 2.4 they have been lifted.) On the ebtables page there are
also lots of interesting articles on the general setup, interaction etc.

It is in 2.6, it is stable (160 days up, rebooted only for the new kernel).

> The one obvious advantage is that the bridge doesn't have an IP address

Well, not necessarily. Ours has an IP address, but it is completely closed
from the outside, while I can log in from the inside.

Another advantage: if you have a broken bridge, you just plug in a
crossover cable and everything is still running fine (although without
a firewall) while you reboot or fix the bridge. With NAT this is
impossible.

Best wishes

Norbert

-------------------------------------------------------------------------------
Norbert Preining <preining AT logic DOT at>         Technische Universität Wien
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
`If there's anything more important than my ego around, I
want it caught and shot now.'
                 --- Zaphod.
                 --- Douglas Adams, The Hitchhiker's Guide to the Galaxy
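As an added example (not code from Norbert's post, nor from the ebtables or bridge-nf projects), here is a shell script of the kind of setup the reply describes: two physical ports bridged with brctl, packets crossing the bridge filtered in the iptables FORWARD chain by physical port (the physdev match that bridge-nf provides), and the bridge's own IP address reachable only from the inside port. The interface names eth0/eth1 and br0, the address 192.168.1.254, and the allowed services (SMTP inbound, SSH and ICMP to the bridge itself) are assumptions for the example; the sysctl line applies to kernels where bridge-nf is tunable.

```shell
#!/bin/sh
# Transparent bridge firewall (example, not from the original post).
# Assumed layout: eth0 faces the outside, eth1 the inside, br0 is the bridge.
OUTSIDE=${OUTSIDE:-eth0}
INSIDE=${INSIDE:-eth1}
BRIDGE=${BRIDGE:-br0}
BRIDGE_IP=${BRIDGE_IP:-192.168.1.254}      # assumed management address
BRIDGE_MASK=${BRIDGE_MASK:-255.255.255.0}
DRY_RUN=${DRY_RUN:-}                       # set to 1 to print instead of execute

# Execute a command, or echo it when DRY_RUN is set (so the rule set can be
# reviewed without root and without touching a live box).
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

setup_bridge() {
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" "$OUTSIDE"
    run brctl addif "$BRIDGE" "$INSIDE"
    # The physical ports carry no address of their own; only br0 does.
    run ifconfig "$OUTSIDE" 0.0.0.0 up
    run ifconfig "$INSIDE" 0.0.0.0 up
    run ifconfig "$BRIDGE" "$BRIDGE_IP" netmask "$BRIDGE_MASK" up
    # Make bridged frames traverse the iptables chains (bridge-nf).
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

filter_rules() {
    run iptables -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Traffic crossing the bridge: the same rules you would write on a routed
    # firewall, but matched on the physical port with -m physdev.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" --physdev-out "$OUTSIDE" -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" --physdev-out "$INSIDE" \
        -p tcp --dport 25 -j ACCEPT
    run iptables -A FORWARD -j LOG --log-prefix "bridge-fw: "

    # The bridge's own address: closed from the outside port, SSH and ping
    # from the inside port only (INPUT sees the packet on br0, physdev-in
    # still tells us which physical port it came in on).
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m physdev --physdev-in "$INSIDE" -p tcp --dport 22 -j ACCEPT
    run iptables -A INPUT -m physdev --physdev-in "$INSIDE" -p icmp -j ACCEPT
    run iptables -A INPUT -m physdev --physdev-in "$OUTSIDE" -j DROP
}

case "${1:-}" in
    apply) setup_bridge && filter_rules ;;
    show)  DRY_RUN=1; setup_bridge; filter_rules ;;
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

`sh bridge-fw.sh show` prints the commands for review; `sh bridge-fw.sh apply` runs them as root. The DROP policies on INPUT and FORWARD mean anything not listed, in either direction, is silently discarded, which is what makes the box "completely closed from the outside" while the inside can still reach it.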