Try ebtables instead of iptables

What is ebtables?

The ebtables program is a filtering tool for a bridging firewall. The filtering is focussed on the Link Layer Ethernet frame fields. Apart from filtering, it also gives the ability to alter the Ethernet MAC addresses and implement a brouter.

This website is also a reference for the Linux bridge-nf code, which gives Linux the functionality of a bridging IP/IPv6/ARP firewall, by letting iptables/ip6tables/arptables 'see' the bridged IPv4/IPv6/ARP packets.

Both ebtables and bridge-nf are a part of the standard 2.6 kernel. A patch for the 2.4 stable kernel is maintained here, because enough people keep bugging me when Marcelo releases yet another 2.4 kernel.

http://ebtables.sourceforge.net/

Regards,

Sp0oKeR

On 11/27/05, Leon Stringer <leon.stringer@xxxxxxxxxxxx> wrote:
> Hi,
>
> I've been using iptables as a firewalling router for a year and it's
> worked brilliantly.
>
> (O/T: It went into service after the Cisco-qualified engineers failed to
> get their Cisco kit to meet our modest requirements!).
>
> I now have a new requirement for just a firewall, i.e. no routing.
>
> So the LAN will connect to one NIC and the other NIC will connect to the
> ISP router.
>
> So I assume that this will require a "virtual" bridge device to be set
> up. And I've read that this isn't straightforward to get iptables to
> work in this configuration.
>
> So my question is: as an existing iptables user, should I be able to set
> up a box for firewalling only as described?
>
> If so, is there any (good!) documentation on this?
>
> Or would I be better off with a firewall "appliance"?
>
> Thanks in advance for any advice,
>
> Leon...
>

--
=====================
Rodrigo Ribeiro Montoro
Developer, BRMAlinux
spooker@xxxxxxxxxx
RHCE/LPIC-I
=====================
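The two-NIC, no-routing setup asked about above, sketched as an added example (not part of the original messages or the ebtables site): a bridge joins both NICs, bridge-nf hands bridged IPv4 to iptables, and ebtables restricts which Ethernet protocols cross at all. The interface names eth0/eth1/br0, the use of current iproute2 commands, and the br_netfilter module (needed on present-day kernels) are assumptions.

```shell
#!/bin/sh
# Added example: transparent (non-routing) bridge firewall, dry-run by default.
# Assumed names, not from the original post: eth0 = LAN side, eth1 = ISP side.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
BR_IF="${BR_IF:-br0}"

# Print the setup, one command per line, so it can be reviewed before use.
# - bridge-nf-call-iptables=1 makes bridged IPv4 traverse the iptables FORWARD chain
# - ebtables lets only IPv4 and ARP frames cross; IPv6 and other ethertypes are dropped
# - iptables allows new connections LAN -> ISP only, plus replies to them
bridge_fw_plan() {
    cat <<EOF
modprobe br_netfilter
ip link add name $BR_IF type bridge
ip link set dev $LAN_IF master $BR_IF
ip link set dev $WAN_IF master $BR_IF
ip link set dev $LAN_IF up
ip link set dev $WAN_IF up
ip link set dev $BR_IF up
sysctl -w net.bridge.bridge-nf-call-iptables=1
ebtables -P FORWARD DROP
ebtables -A FORWARD -p IPv4 -j ACCEPT
ebtables -A FORWARD -p ARP -j ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $LAN_IF --physdev-out $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Echo each command; execute it only when APPLY=1 (needs root), stopping at
# the first command that fails.
bridge_fw_apply() {
    bridge_fw_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = "1" ]; then
            sh -c "$cmd" </dev/null || exit 1
        fi
    done
}

bridge_fw_apply
```

Run it as is to review the command list; set APPLY=1 as root, from a console rather than over a NIC being bridged, to apply it.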