----- Forwarded message from michael@xxxxxxxxx -----

Date: Mon, 10 May 2004 10:36:27 -0700
From: michael@xxxxxxxxx
Reply-To: michael@xxxxxxxxx
Subject: Re: How to drop/reject packets amongst LAN clients?
To: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>

Fantastic mailing list! I just finished a response to Antony Stone in which I inquired about a possible 3rd NIC. I checked my email at the same time and see your response with an answer about the very inquiry I made only a minute before! :-)

Thank you so much for your input. I think I will read up on this and see if it's something I can handle.

Mike

Quoting Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>:

> your box. If you want to achieve this, then you have a Linux box as a
> filtering bridge. Cheap quick recipe would be to add a third ethernet
> interface to your box and configure it like this:
>
> eth0 goes to the internet
> eth1 goes to a switch where *.2 to *.6 are connected
> eth2 goes to a switch where *.7 to *.9 are connected
> create a bridge (br0) to which belong eth1 and eth2.
> assign br0 former eth1 IP
>
> Activate bridge filtering (available in stock 2.6 kernels) using
> Netfilter and you're done. Just filter traffic in FORWARD chain, using
> physdev match to specify eth1 and eth2 as incoming and/or outgoing
> interface, and restrict traffic other than IP stuff using ebtables.
>
> See http://ebtables.sourceforge.net/ documentation section.
>
> --
> http://www.netexit.com/~sid/
> PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!

----- End forwarded message -----
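The recipe Cedric outlines above (third NIC, bridge eth1 and eth2 into br0, move eth1's address onto the bridge, then filter in FORWARD with the physdev match and catch non-IP frames with ebtables) as a complete script. This is an added example and not code from the thread or from either poster. The interface names eth1, eth2 and br0 and the bridge address 192.168.1.1/24 are assumptions; change them to match your own LAN. The `modprobe br_netfilter` line is needed on current kernels, where bridge netfilter is a separate module rather than built in as it was in the 2.6 kernels the reply mentions.

```shell
#!/bin/sh
# Added example (not from the thread): build the two-port filtering bridge
# and block traffic between the two segments. Interface names and the
# bridge address below are assumptions; adjust them for your LAN.

BRIDGE=br0
SEG_A=eth1                 # switch holding hosts .2 - .6
SEG_B=eth2                 # switch holding hosts .7 - .9
BR_ADDR=192.168.1.1/24     # address that used to live on eth1 (assumed)

# Commands that create the bridge and move eth1's address onto it.
bridge_setup_cmds() {
    cat <<EOF
ip link add name $BRIDGE type bridge
ip addr flush dev $SEG_A
ip link set $SEG_A master $BRIDGE
ip link set $SEG_B master $BRIDGE
ip addr add $BR_ADDR dev $BRIDGE
ip link set $SEG_A up
ip link set $SEG_B up
ip link set $BRIDGE up
EOF
}

# Commands that make the bridge filter: iptables physdev rules for IP in
# both directions (logged, then dropped) and ebtables rules for the non-IP
# frames iptables never sees. Traffic between either segment and eth0
# (the internet) is routed, not bridged, so it does not match these rules.
filter_cmds() {
    cat <<EOF
modprobe br_netfilter 2>/dev/null || true
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -A FORWARD -m physdev --physdev-in $SEG_A --physdev-out $SEG_B -j LOG --log-prefix "bridge-drop: "
iptables -A FORWARD -m physdev --physdev-in $SEG_A --physdev-out $SEG_B -j DROP
iptables -A FORWARD -m physdev --physdev-in $SEG_B --physdev-out $SEG_A -j LOG --log-prefix "bridge-drop: "
iptables -A FORWARD -m physdev --physdev-in $SEG_B --physdev-out $SEG_A -j DROP
ebtables -A FORWARD -i $SEG_A -o $SEG_B -p ! IPv4 -j DROP
ebtables -A FORWARD -i $SEG_B -o $SEG_A -p ! IPv4 -j DROP
EOF
}

# Number of iptables DROP rules emitted, for a quick self-check.
drop_rule_count() {
    filter_cmds | grep -c 'iptables -A FORWARD .* -j DROP'
}

# Run every emitted command (needs root). With DRY_RUN=1 it only prints.
apply_cmds() {
    "$1" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            eval "$cmd"
        fi
    done
}

# Only touch the system when explicitly asked; sourcing the file is safe.
if [ "${1:-}" = "--apply" ]; then
    apply_cmds bridge_setup_cmds
    apply_cmds filter_cmds
fi
```

Run `DRY_RUN=1 sh bridge-filter.sh --apply` first to review the exact commands, then as root without `DRY_RUN` to apply them. The LOG rules sit before the DROPs so that blocked cross-segment attempts show up in the kernel log with the `bridge-drop:` prefix; the `--physdev-in`/`--physdev-out` pair matches only frames that enter on one bridge port and leave on the other, which is why routed traffic to eth0 is untouched.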