[Shorewall-users] Shorewall 2
teastep at shorewall.net
Mon Mar 1 07:38:32 PST 2004
On Monday 01 March 2004 07:22 am, Tom Eastep wrote:
> On Sunday 29 February 2004 11:08 am, Mike Lander wrote:
> > Tom,
> > Forgive me if I misunderstood, after spending some time reading.
> > It appears that you need someone already running all the stuff for
> > bridging. I would be happy to help still if needed. In fact read my last
> > post with the club.
> > At a quick glance I noticed bridging uses MAC addresses or connects networks
> > as if they were on the same switch??
> Effectively, the linux box acts as a switch.
> > I am building two Shorewall boxes for this club to connect them with
> > OpenVPN. And I noticed OpenVPN supports bridging. What I am not clear about
> > is the advantages of bridging, is it security or what? I noticed that it
> > put interfaces in promiscuous mode.
> It gives you the ability to have a firewall inside of a switch. The
> bridge/firewall can be used to partition an existing network without having
> to subnet.
Let's say you have a bridge with two ethernet interfaces and you create the
bridge 'br0' to bridge the two. In Shorewall, you can then do the following:
- br0 detect
Note that the ethernet interfaces (eth0 and eth1) are not defined in the
The bridge itself can be configured with an IP address so that the bridge may
communicate with other hosts.
With the above setup, you can now use normal Shorewall policies and rules to
control traffic through the bridge and between the two zones and the firewall.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
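As an added example that is not from Tom's post or from the Shorewall project: a POSIX shell script that stages the Shorewall 2 files for the two-port bridge described above (only br0 in the interfaces file, the member ports assigned to zones in the hosts file) and, separately, builds the bridge with bridge-utils and iproute2 and gives it an address. The zone names loc and net, the address 192.168.1.254/24, the routeback option on br0 and the scratch staging directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post or from the Shorewall project): stage the
# Shorewall 2 configuration for a two-port bridge firewall and provide the
# commands that build the bridge. Zone names (loc, net), the bridge address
# 192.168.1.254/24 and the staging directory are assumptions for illustration.
set -eu

# Write the four Shorewall files that describe the bridge. Only the bridge
# itself appears in 'interfaces' (zone '-'); the member ports are assigned to
# zones in 'hosts' as br0:ethN. 'routeback' is added on the assumption that
# frames entering on one port and leaving via the other are both seen on br0
# by netfilter, so traffic must be allowed back out the interface it came in.
gen_bridge_config() {
  dir=$1 br=$2 loc_port=$3 net_port=$4
  mkdir -p "$dir"
  cat >"$dir/zones" <<EOF
#ZONE   DISPLAY   COMMENTS
net     Net       Internet side of the bridge
loc     Local     Protected side of the bridge
EOF
  cat >"$dir/interfaces" <<EOF
#ZONE   INTERFACE   BROADCAST   OPTIONS
-       $br         detect      routeback
EOF
  cat >"$dir/hosts" <<EOF
#ZONE   HOST(S)
loc     $br:$loc_port
net     $br:$net_port
EOF
  cat >"$dir/policy" <<EOF
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info
EOF
}

# Report the zone that 'hosts' assigns to a port (empty if none), so the
# port-to-zone mapping can be checked before the files go into /etc/shorewall.
zone_of_port() {
  dir=$1 br=$2 port=$3
  awk -v h="$br:$port" '$1 !~ /^#/ && $2 == h { print $1 }' "$dir/hosts"
}

# Build the bridge and give it an address so the firewall host itself is
# reachable through it. Requires root and bridge-utils; the kernel bridge code
# puts the enslaved ports into promiscuous mode, which is what the original
# poster observed. Not run by the demo below.
bridge_setup() {
  br=$1 loc_port=$2 net_port=$3 addr=$4
  brctl addbr "$br"
  brctl addif "$br" "$loc_port"
  brctl addif "$br" "$net_port"
  ip link set "$loc_port" up
  ip link set "$net_port" up
  ip addr add "$addr" dev "$br"
  ip link set "$br" up
}

# Demo: stage the files in a scratch directory (never straight into
# /etc/shorewall) and show which zone each port landed in.
STAGE=$(mktemp -d)
gen_bridge_config "$STAGE" br0 eth0 eth1
echo "eth0 -> $(zone_of_port "$STAGE" br0 eth0), eth1 -> $(zone_of_port "$STAGE" br0 eth1); files staged in $STAGE"
```

Review the staged files, then copy them into /etc/shorewall and run `bridge_setup br0 eth0 eth1 192.168.1.254/24` as root before starting Shorewall; the awk check is the quickest way to catch a port assigned to the wrong zone, which on a bridge silently puts the protected side on the wrong side of the policy.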