Thank you.

So, just for my clarification, if I have eth0 (outside interface) and eth1 as my internal interface and they both are used to form br0, I could assign eth0 an external IP address so that I can ssh into the box for management? Am I following this correctly?

Then can I also assign eth1 an internal IP address so that I can manage it from within as well? This won't harm the bridge interface br0?

Thank you in advance for all your assistance.

Thomas J. Raef
e-Based Security, Inc.
"You're either hardened, or you're hacked!"

-------- Original Message --------
> From: Mohamed Eldesoky <eldesoky.lists@xxxxxxxxx>
> Sent: Tuesday, April 26, 2005 3:32 AM
> To: traef06@xxxxxxxxxxxxxxxxxx
> Subject: Re: Management of bridged iptables
>
> You can give the firewall an IP address, on any interface, whether
> part of the bridge or not part of the bridge.
> This will still keep the firewall stealthy (not shown in traceroutes),
> as that IP is not a gateway for any server!!
>
> On 4/26/05, traef06@xxxxxxxxxxxxxxxxxx <traef06@xxxxxxxxxxxxxxxxxx> wrote:
> > I've been scouring Google searches looking for an answer. If this is the wrong forum, please forgive me.
> >
> > I want to be able to set up iptables and I guess ebtables for a bridged firewall. My problem is that I also need to be able
> > to manage this remotely like with ssh or something.
> >
> > How do I do this and still be able to maintain a "stealthy" firewall?
> >
> > Thank you in advance for any help.
> >
> > Thomas J. Raef
> > e-Based Security, Inc.
> > "You're either hardened, or you're hacked!"
> >
>
> --
> Mohamed Eldesoky
> www.eldesoky.net
> RHCE