Hi -

Still plugging away at my Linux bridge/firewall and thinking through the consequences.

In a normal firewall situation, the Internet is on one side, the internal LAN on the other. Duh! But now, with a Linux bridge in the middle, the whole thing becomes one big messy LAN. So we have a scenario that looks like this:

Internal---User---Core-----Firewall---Internet---Internet router
Servers    switch switch   (Bridged)  switch     (and default GW
                                                 for internal servers)

The scenario is a little more complex than I drew above because the internal side has more than one LAN segment participating in the bridge.

I'm working on a way to simulate all this here - before going into production - but I have a big question; That firewall/bridge is no longer a router - it's a bridge. Well, a bridge that also does a bunch of stateful IP layer 3 filtering. So now, it will participate in a spanning tree setup with all those switches, on both sides of it - right? I'm guessing I want to turn off STP in this case. Am I on the right track?

Thanks

- Greg Scott

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc