2001-12-05 11:04:18

by Romain Giry

Subject: transparent firewall??

Hi,

I'd like to know if anyone has a transparent firewall, that is, one that
doesn't make any rules on the traffic but only always passes it, without the
rest of the network system being notified of this... this should help me to
do my thesis. It would be like adding one transparent layer between the
network layer (IP) and the link layer (physical).

Thanks a lot

Romain Giry




2001-12-05 22:25:18

by Matthias Andree

Subject: Re: transparent firewall??

On Wed, 05 Dec 2001, Romain Giry wrote:

> I'd like to know if anyone has a transparent firewall, that is, one that
> doesn't make any rules on the traffic but only always passes it, without the
> rest of the network system being notified of this... this should help me to
> do my thesis. It would be like adding one transparent layer between the
> network layer (IP) and the link layer (physical).

Semi-transparent: Proxy ARP, works at a site that I administer.

Really transparent: Check out bridge.sourceforge.net, that project -
among other goals - aims at making Linux 2.4's bridge code aware of
netfilter.

I'm not quite sure if some BSD variants can already do that (FreeBSD
maybe), check their sites as well.

Hope that helps.
Matthias


P. S.: the "To" address of your news-to-list gateway is
"mlist-linux-kernel", which breaks list detection and automatic list
replies in some mailers, notably mutt. Please include Mail-Followup-To:
headers or have the administrator of the news-to-mail gate fix their
configuration. Thanks a lot.

2001-12-06 18:25:55

by Bernd Eckenfels

Subject: Re: transparent firewall??

In article <[email protected]> you wrote:
> I'd like to know if anyone has a transparent firewall, that is, one that
> doesn't make any rules on the traffic but only always passes it, without the
> rest of the network system being notified of this...

There are 2 ways to add a computer into the stream (besides sniffing): you
can set up a bridge, which forwards packets without having to have its own
IP address and without the need for reconfiguration. Of course you can use a
router to do the same; it just needs routing table modifications.

If you want to look at the data stream of an application on a (TCP) socket
level, you can use the transproxy function of the Linux kernel. It will
redirect a connection which goes through a router to any local process. That
local process can then contact the original destination, effectively being a
man in the middle. There are a lot of tools out there to do this.

You may want to tell us what you are trying to do.

Greetings
Bernd
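As an added illustration of the bridge approach both replies describe (not code from the thread or from the bridge.sourceforge.net project), here is a minimal learning bridge in Python with a filter hook in its forwarding path, in the spirit of what the bridge-nf work does for the 2.4 kernel: the bridge has no IP address of its own, learns which port each MAC address lives on, floods unknown destinations, and lets a policy function drop IPv4 frames before they are forwarded. The interface names, MAC addresses, IP ranges and frames are constructed for the example.

```python
import ipaddress
import struct

ETH_HLEN, ETHERTYPE_IP, BROADCAST = 14, 0x0800, b"\xff" * 6
INSIDE = ipaddress.IPv4Network("10.0.0.0/24")  # constructed: the segment the bridge protects

def parse_frame(frame):
    """Split a raw Ethernet II frame into (dst_mac, src_mac, ethertype, payload)."""
    if len(frame) < ETH_HLEN:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:ETH_HLEN])
    return dst, src, etype, frame[ETH_HLEN:]

def parse_ipv4(payload):
    """Return (src_ip, dst_ip, protocol) from an IPv4 header, or None if malformed."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    return ipaddress.IPv4Address(payload[12:16]), ipaddress.IPv4Address(payload[16:20]), payload[9]

def no_inbound_icmp(src_ip, dst_ip, proto):
    """Example policy: drop ICMP entering the protected segment from outside, pass the rest."""
    return not (proto == 1 and dst_ip in INSIDE and src_ip not in INSIDE)

class TransparentBridge:
    def __init__(self, ports, policy):   # the bridge itself needs no IP address of its own
        self.ports, self.policy = list(ports), policy
        self.fdb = {}   # forwarding database: source MAC -> port it was last seen on

    def handle(self, in_port, frame):   # returns the egress ports; [] means dropped or not forwarded
        dst, src, etype, payload = parse_frame(frame)
        self.fdb[src] = in_port                          # learn where the sender lives
        if etype == ETHERTYPE_IP:                        # filtering hook, the bridge-nf idea
            hdr = parse_ipv4(payload)
            if hdr is None or not self.policy(*hdr):
                return []
        out = self.fdb.get(dst)
        if dst == BROADCAST or out is None:              # unknown or broadcast: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]           # same segment: nothing to do

def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto):   # constructed: Ethernet + bare IPv4 header
    ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, proto, 0, 0]) + ipaddress.IPv4Address(src_ip).packed
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IP) + ip + ipaddress.IPv4Address(dst_ip).packed

def demo():   # flood before learning, unicast after learning, then one filtered ping
    br = TransparentBridge(["eth0", "eth1"], no_inbound_icmp)
    pc, gw = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"   # constructed MACs
    return (br.handle("eth0", build_frame(gw, pc, "10.0.0.5", "192.0.2.9", 6)),
            br.handle("eth1", build_frame(pc, gw, "192.0.2.9", "10.0.0.5", 6)),
            br.handle("eth1", build_frame(pc, gw, "192.0.2.9", "10.0.0.5", 1)))
```

Neither host ever sees the bridge's MAC or an extra IP hop, which is what makes the filtering point transparent; a real implementation would additionally age out forwarding-database entries and handle non-IP frames in its policy.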