You need to download bridge utils in order for your machine to function as a bridge router. Ebtables is just another packet filter that works at a lower OSI Layer than iptables. I use both for my bridge. The install for the bridge utils is quite straightforward and easy.

http://bridge.sourceforge.net/

On Sun, 2005-27-11 at 21:12 +0000, Leon Stringer wrote:
> Thanks SpOoKeR, that answers my question. I'll read up on it.
>
> On Sun, 2005-11-27 at 18:22 -0200, Sp0oKeR wrote:
> > Try ebtables instead of iptables
> >
> > What is ebtables?
> >
> > The ebtables program is a filtering tool for a bridging firewall. The
> > filtering is focussed on the Link Layer Ethernet frame fields. Apart
> > from filtering, it also gives the ability to alter the Ethernet MAC
> > addresses and implement a brouter.
> > This website is also a reference for the Linux bridge-nf code, which
> > gives Linux the functionality of a bridging IP/IPv6/ARP firewall, by
> > letting iptables/ip6tables/arptables 'see' the bridged IPv4/IPv6/ARP
> > packets.
> > Both ebtables and bridge-nf are a part of the standard 2.6 kernel. A
> > patch for the 2.4 stable kernel is maintained here, because enough
> > people keep bugging me when Marcelo releases yet another 2.4 kernel.
> >
> > http://ebtables.sourceforge.net/
> >
> > Regards,
> >
> > Sp0oKeR
> >
> > On 11/27/05, Leon Stringer <leon.stringer@xxxxxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I've been using iptables as a firewalling router for a year and it's
> > > worked brilliantly.
> > >
> > > (O/T: It went into service after the Cisco-qualified engineers failed to
> > > get their Cisco kit to meet our modest requirements!).
> > >
> > > I now have a new requirement for just a firewall, i.e. no routing.
> > >
> > > So the LAN will connect to one NIC and the other NIC will connect to the
> > > ISP router.
> > >
> > > So I assume that this will require a "virtual" bridge device to be set
> > > up. And I've read that this isn't straightforward to get iptables to
> > > work in this configuration.
> > >
> > > So my question is: as an existing iptables user, should I be able to set
> > > up a box for firewalling only as described?
> > >
> > > If so, is there any (good!) documentation on this?
> > >
> > > Or would I be better off with a firewall "appliance"?
> > >
> > > Thanks in advance for any advice,
> > >
> > > Leon...
> >