On Tue, Jun 19, 2007 at 05:54:46PM -0500, Greg Scott wrote:
> Hi -
>
> Still plugging away at my Linux bridge/firewall and thinking through the
> consequences. In a normal firewall situation, the Internet is on one
> side, the internal LAN on the other. Duh! But now, with a Linux bridge
> in the middle, the whole thing becomes one big messy LAN. So we have a
> scenario that looks like this:
>
> Internal---User---Core-----Firewall---Internet---Internet router
> Servers    switch switch  (Bridged)   switch    (and default GW for
>                                                  internal servers)
>

Out of curiosity, why would you want to bridge at the firewall? Is this meant to be a drop-in in-line firewall appliance?

> The scenario is a little more complex than I drew above because the
> internal side has more than one LAN segment participating in the bridge.
> I'm working on a way to simulate all this here - before going into
> production - but I have a big question;
>
> That firewall/bridge is no longer a router - it's a bridge. Well, a
> bridge that also does a bunch of stateful IP layer 3 filtering. So now,
> it will participate in a spanning tree setup with all those switches, on
> both sides of it - right? I'm guessing I want to turn off STP in this
> case. Am I on the right track?

If there is only 1 way to connect from the corporate (private LAN) to the public (Internet), then I don't think you will need STP; it was meant to stop loops in Ethernet segments. If you have multiple paths you might still need it.

>
> Thanks
>
> - Greg Scott
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
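As an added illustration of the setup discussed in this exchange (not code from either poster): a two-port transparent bridge with STP switched off, bridged frames handed to iptables for the stateful layer-3 filtering Greg describes, and a check that reads the bridge's STP state before any rules go in. Interface names eth0/eth1, the bridge name br0 and the era's brctl/iptables tooling are assumptions; the root-only steps run only when the script is invoked with "apply".

```shell
#!/bin/sh
# Added example, not from the LARTC thread. Assumed names: br0, eth0 (inside), eth1 (outside).
set -e

BR=br0; INSIDE=eth0; OUTSIDE=eth1

# Returns 0 when the given bridge stp_state file reads "0" (STP disabled).
# Takes a path so it can be checked against a constructed sample file as well as
# the real /sys/class/net/$BR/bridge/stp_state.
stp_is_off() {
    [ "$(cat "$1")" = "0" ]
}

# Returns 0 when the given bridge-nf-call-iptables file reads "1", i.e. frames
# crossing the bridge are passed through the iptables FORWARD chain.
bridge_nf_on() {
    [ "$(cat "$1")" = "1" ]
}

build_bridge() {
    brctl addbr "$BR"
    brctl addif "$BR" "$INSIDE"
    brctl addif "$BR" "$OUTSIDE"
    brctl stp "$BR" off          # single path inside->outside: no loop for STP to break
    ip link set "$INSIDE" up
    ip link set "$OUTSIDE" up
    ip link set "$BR" up         # no IP address on br0: the box stays invisible at layer 3
    # Make bridged traffic visible to iptables (newer kernels need: modprobe br_netfilter)
    echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
    stp_is_off "/sys/class/net/$BR/bridge/stp_state" || { echo "STP still enabled on $BR" >&2; exit 1; }
    bridge_nf_on /proc/sys/net/bridge/bridge-nf-call-iptables || { echo "br-nf hook off" >&2; exit 1; }
}

add_filter_rules() {
    # Default deny across the bridge; allow replies to established flows
    iptables -P FORWARD DROP
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # With no routes, "inside" vs "outside" is the bridge port, so match with physdev
    iptables -A FORWARD -m physdev --physdev-in "$INSIDE" -j ACCEPT
}

if [ "${1:-}" = "apply" ]; then
    build_bridge
    add_filter_rules
fi
```

If more than one internal segment joins the bridge, as Greg mentions, the "single path" assumption behind `brctl stp br0 off` has to be re-checked against every switch pair before STP is left disabled.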