Re: 2.2.5 kernel/routing/firewalling

Peter Benie (pjb1008@cam.ac.uk)
Fri, 16 Apr 1999 11:59:03 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alexander Kjeldaas: "Re: setuids() like setgroups() ?"
Previous message: Peter Benie: "Re: Linux TCP Fixing everyones problems?"

Gregory Maxwell writes ("Re: 2.2.5 kernel/routing/firewalling"):
>
> I just used proxy arp (not rarp as above) to proxy for machines on the
> other side.. With a quick (and very dangerous) TTL hack, I had a network
> transparent firewall..

When I tried that, it didn't quite work. I have several routers for
different networks on one side of my firewall, and my hosts on the
other. The configuration of the routers is subject to change, so the
hosts are configured to use one gateway and rely on icmp redirects to
find the other routers.

The redirects would normally be processed by the hosts, but in this
case the firewall is in the way and has to process the redirects
itself. Unfortunately, the Linux firewall just ignores them.

Peter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexander Kjeldaas: "Re: setuids() like setgroups() ?"
Previous message: Peter Benie: "Re: Linux TCP Fixing everyones problems?"