Re: OT: bridging firewall for Comcast static IPv4 addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Dec 03, 2014 at 19:40:01 -0500,
 Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
I don't want to rely on their box for firewall rules, so I want to put my own box behind theirs. But can't very well route to an internal firewall a /28 v4 block. I would have to run a briding firewall.
Anyone know of bridging firewall functionality to add to Fedora? Or something else? 

ebtables will let you filter at the link layer level.
If you have a powerful enough router you should be able to use point to point routes for your machines. This will take a lot more horse power to do than if you are using a builtin switch to move frames around. (Though ebtables probably will kill performance as well.)
cerowrt is set up by default to route traffic instead of acting as a bridge. However the default config expects one external IP and uses private addresses for the internal network. So the config won't work out of the box. It is also targeted for WNDR3800s. If you want to use something else, you'll probably want to use openwrt instead. It has almost all of cerowrt in it, but the default setup will be a lot different.
A wndr3800 might be fast enough for you, but the cerowrt project is looking to pick another more powerful target router going forward. (But doesn't seem to be picking very quickly.) On the cerowrt-devel list it was mentioned that the wndr3800 topped out around 50mbit.
I currently have a /26 v4 allocation which I route all over inside my network, but my ISP is only DSL and it is sssllloowww. 


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux