Filtering and Bridging

bert hubert ahu@ds9a.nl
Sat, 29 Jul 2000 14:56:39 +0200


On Sat, Jul 29, 2000 at 02:48:18PM +0200, Patrick Dreker wrote:
> Hello...
> 
> I need to set up a packet filtering system here at our network, but due to
> the nature of the existing configuration I am having a pretty hard time...
> 
> The problem is that our exterior gateway has an IP on the same subnet
> as our network, and the only point where I can put the firewall into
> the network is _between_ the gateway and our network:

The Shock, The Horror: proxy ARP!

> Internet --- Gateway --- Firewall --- internal network
>                   (all on the same subnet)

Put your box in between, and let it do proxy arp for the entire subnet 'on
the right' on the interface to the gateway, and do proxy arp for the gateway
on the side of the interface of the internal network.

I did it this way, and was able to filter packets as well.

Wins no prizes for elegance, though.

Regards,

bert hubert

-- 
                       |              http://www.rent-a-nerd.nl
                       |                     - U N I X -
                       |          Inspice et cautus eris - D11T'95
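
Added example, not part of the original post: one way to express the proxy ARP setup described above on a current Linux box, as a shell function that prints the commands for review instead of running them. The interface names, the addresses (documentation range) and the iptables policy are assumptions; the box's own address is assumed to be configured with a /32 prefix so that no connected route for the whole subnet points at one interface.

```shell
#!/bin/sh
# Added example: prints the commands for a proxy-ARP filtering box.
# Interface names, addresses and the filter policy are assumptions.

# proxy_arp_plan EXT_IF INT_IF GATEWAY_IP SUBNET
# Prints the plan only; review it, then pipe it to `sh` as root to apply.
proxy_arp_plan() {
    ext_if=$1 int_if=$2 gw=$3 subnet=$4

    # Refuse obviously wrong input rather than emit a broken plan.
    if [ $# -ne 4 ] || [ "$ext_if" = "$int_if" ]; then
        echo "usage: proxy_arp_plan EXT_IF INT_IF GATEWAY_IP SUBNET" >&2
        return 1
    fi

    cat <<EOF
# Filter rules go in first, so nothing is forwarded unfiltered.
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -s $subnet -j ACCEPT
# Routing decides which ARP requests get answered: the gateway is
# reachable only via $ext_if, every other host in $subnet via $int_if.
ip route add $gw/32 dev $ext_if
ip route add $subnet dev $int_if
# Answer ARP on each side for addresses routed out the other side.
sysctl -w net.ipv4.conf.$ext_if.proxy_arp=1
sysctl -w net.ipv4.conf.$int_if.proxy_arp=1
# Forwarding is switched on last, once filtering is in place.
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Constructed sample values, not taken from the original post.
proxy_arp_plan eth0 eth1 192.0.2.1 192.0.2.0/24
```

Because the gateway and the internal hosts now reach each other through the box's routing path, every packet between them crosses the FORWARD chain, which is what makes filtering possible without renumbering either side.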