I think I found what I'm looking for here:
http://www.debian.org/doc/manuals/securing-debian-howto/ap-bridge-fw.en.html
If it doesn't do what I want, then I'll look into the following
suggestion. Thanks for the help.

Robert LeBlanc

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Vivek Dasmohapatra
> Sent: Friday, August 18, 2006 3:09 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Linux router in bridge mode
>
> On Thu, 17 Aug 2006, Robert LeBlanc wrote:
>
> > Is it possible to use iptables with two NICs in bridge mode? I'd like to
> > do some NATing on the back end for computers behind the router still.
> > Can that be done with virtual addresses, or can an adapter be in bridged
> > mode and IP mode (is that what it's called?) at the same time?
>
> Yes, it is possible to do this. IIRC you used to need a patch, but I think
> it was rolled in a while ago. Enable
>
> CONFIG_BRIDGE_NETFILTER
>
>   Symbol: BRIDGE_NETFILTER [=y]
>   Prompt: Bridged IP/ARP packets filtering
>     Defined at net/Kconfig:137
>     Depends on: NET && BRIDGE && NETFILTER && INET
>     Location:
>       -> Networking
>         -> Networking support (NET [=y])
>           -> Networking options
>             -> Network packet filtering (replaces ipchains)
>
> You may also want CONFIG_IP_NF_ARPTABLES (but this is a bit more
> specialised):
>
>   Symbol: IP_NF_ARPTABLES [=m]
>   Prompt: ARP tables support
>     Defined at net/ipv4/netfilter/Kconfig:581
>     Depends on: NET && INET && NETFILTER && NETFILTER_XTABLES
>     Location:
>       -> Networking
>         -> Networking support (NET [=y])
>           -> Networking options
>             -> Network packet filtering (replaces ipchains) (NETFILTER [=y])
>               -> IP: Netfilter Configuration
>
> Depending on where your bridge is in the network, you may also need to
> turn on proxy arp for the interfaces in question.
>
> The brctl tool is used to set up/remove bridges.
> On debian this can be configured in /etc/network/interfaces iirc, or
> just use an init script or similar.
>
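
As an added example (not part of either message above, and not code from the netfilter project), the shell functions below check a kernel config file for the two options named in the reply together with the dependencies listed in their Kconfig help. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables bridge netfilter and
# arptables, including the "Depends on" symbols quoted in the thread.

# Constructed sample config (not taken from a real system).
sample_config() {
cat <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_BRIDGE=m
CONFIG_BRIDGE_NETFILTER=y
CONFIG_IP_NF_ARPTABLES=m
# CONFIG_IP_NF_ARPFILTER is not set
EOF
}

# opt_state FILE SYMBOL: prints y, m or n (n covers "is not set" and absent).
opt_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# check_option FILE SYMBOL DEP...: returns 0 if SYMBOL and every DEP is y or m;
# otherwise prints each missing symbol and returns 1.
check_option() {
    file=$1; sym=$2; shift 2
    opt_rc=0
    for s in "$sym" "$@"; do
        if [ "$(opt_state "$file" "$s")" = n ]; then
            echo "missing: CONFIG_$s (needed for $sym)"
            opt_rc=1
        fi
    done
    return $opt_rc
}

# check_bridge_fw FILE: checks both options with the dependencies from the thread.
check_bridge_fw() {
    fw_rc=0
    check_option "$1" BRIDGE_NETFILTER NET BRIDGE NETFILTER INET || fw_rc=1
    check_option "$1" IP_NF_ARPTABLES NET INET NETFILTER NETFILTER_XTABLES || fw_rc=1
    return $fw_rc
}
```

On Debian the running kernel's config is normally available as `/boot/config-$(uname -r)`, which can be passed to `check_bridge_fw`.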