Hi,

I use Linux boxes as routers and wonder if it's possible to have them "copy" the MAC address, so my firewall can toggle on MAC addresses. Now it only sees the router's MAC address, so everyone behind can go through my firewall.

// Joachim

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Joachim,

So, you want your routers to transmit frames to an upstream firewall with different source MAC addresses. This is certainly possible, although it may not work with your current network configuration--you'll have to do some reading to know.

You'll want to look at the bridging code and ebtables:

http://bridge.sourceforge.net/
http://users.pandora.be/bart.de.schuymer/ebtables/

ebtables allows the transformation and filtering of ethernet frames in a manner similar to iptables for IP packets.

-Martin

: I use Linux boxes as routers and wonder if it's possible to have them
: "copy" the MAC address, so my firewall can toggle on MAC addresses.
: Now it only sees the router's MAC address, so everyone behind can go
: through my firewall.

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

Not really contributing to the discussion on MAC forwarding, but I'm wondering about the maturity of Linux bridging. I looked at the sourceforge page Martin posted and it seems that the last updates were made during 2002, nothing in 2003 yet. Does this mean that bridging is fairly stable and complete or that development is just going slow? Just curious.

Jay

Jay,

I can't comment directly on it, but I've used the bridging setup in a RedHat 7.3 machine recently. The last Twisted Pair to BNC transceiver we had broke, so I had to build one out of a Linux machine. Worked great on a little network (don't ask why I had to keep the BNC around, I'm still pissed about it). Never had any problems with the bridge. It was not on a network that had managed switches, so it didn't have to interact with any of that to ensure no network loops, but for a simple bridge it works great. Turned the machine on, let it run for 15 days no problems on the network, found a replacement transceiver and life was good.

I know I used the ancient bridging code in the 1.2 kernel and never had any problems with it (it's been re-written since then I believe). The new code is great, took 5 minutes to figure it out from the man page. The only thing that threw me was you have to ifconfig up the bridging interface.

Thanks,
Kirby

On Mon, 2003-02-24 at 12:27, Jay Wineinger wrote:
> Not really contributing to the discussion on MAC forwarding, but I'm
> wondering about the maturity of Linux bridging. I looked at the sourceforge
> page Martin posted and it seems that the last updates were made during 2002,
> nothing in 2003 yet. Does this mean that bridging is fairly stable and
> complete or that development is just going slow? Just curious.
>
> Jay

--
Real Programmers view electronic multimedia files with a hex editor.

I'm using bridging with a 2.4x kernel. I have 7 different PCs running it, without problems.

BTW, all the code is in the kernel; the only thing you need is the userland tool brctl from the bridge-utils package. It has configurable options for spanning tree, so you can put this bridge with others working together.

I'm using the bridge with 3Com 3300s also.

Hope this helps,
Victor

--- Jay Wineinger <shad@wnoc.com> wrote:
> Not really contributing to the discussion on MAC
> forwarding, but I'm wondering about the maturity of
> Linux bridging. I looked at the sourceforge page
> Martin posted and it seems that the last updates
> were made during 2002, nothing in 2003 yet. Does
> this mean that bridging is fairly stable and
> complete or that development is just going slow?
> Just curious.
>
> Jay

I'm using bridging on LEAF - a mini distro - and it works well. The numbering scheme however seems to suggest not so mature a code. I'm on that list too and work is going on an iptables replacement for when bridging is being used - called ebtables. Reason being that while bridging, iptables can be used only on the forward table/chain.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Jay Wineinger
Sent: Monday, February 24, 2003 11:58 PM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Bridging

Not really contributing to the discussion on MAC forwarding, but I'm wondering about the maturity of Linux bridging. I looked at the sourceforge page Martin posted and it seems that the last updates were made during 2002, nothing in 2003 yet. Does this mean that bridging is fairly stable and complete or that development is just going slow? Just curious.

Jay
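
Added example, not part of the original thread: a POSIX shell function that prints the commands for the setup the replies describe (a brctl bridge, bringing the bridge interface up with ifconfig, and ebtables filtering on source MAC). It only prints the plan; the interface names (eth0, eth1), the bridge name (br0) and the MAC addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not execute) the commands that turn a two-port
# Linux box into a transparent bridge with a source-MAC allow-list.
# Interface names, bridge name and MAC addresses are assumptions.
BRIDGE=br0

is_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# bridge_plan INNER_IF OUTER_IF MAC...
bridge_plan() {
    [ "$#" -ge 3 ] || { echo "usage: bridge_plan INNER OUTER MAC..." >&2; return 2; }
    inner=$1; outer=$2; shift 2
    # The names end up in commands that are later fed to a shell,
    # so accept only characters that are safe there.
    case "$inner$outer" in *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1;; esac
    # Validate every MAC before printing anything: no half-built rule sets.
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "brctl addbr $BRIDGE"
    echo "brctl stp $BRIDGE on"
    echo "brctl addif $BRIDGE $inner"
    echo "brctl addif $BRIDGE $outer"
    echo "ifconfig $inner 0.0.0.0 up"
    echo "ifconfig $outer 0.0.0.0 up"
    echo "ifconfig $BRIDGE up"
    # Filter only frames arriving from the client side; replies coming back
    # from the firewall carry the firewall's MAC and must not be dropped.
    for mac in "$@"; do
        echo "ebtables -A FORWARD -i $inner -s $mac -j ACCEPT"
    done
    echo "ebtables -A FORWARD -i $inner -j DROP"
}

# Constructed sample: eth1 faces the clients, eth0 faces the firewall.
bridge_plan eth1 eth0 00:11:22:33:44:55 00:11:22:33:44:66
```

A bridge forwards frames with their original source MAC, which is what lets an upstream firewall match on it; review the printed plan before running it as root.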