Re: [SLUG] Bridging Firewall

From: btt (btt@nethouse.com)
Date: Thu Jun 19 2003 - 10:52:22 EDT


On Thu, Jun 19, 2003 at 10:28:00AM -0400, Andrew M Hoerter wrote:
>
> There's no reason that shouldn't work. I for one would be curious to know
> how it works out. The platform I'm most familiar with for
> firewalling purposes, OpenBSD, can't do transparent bridging with NAT.
> Among other problems, it won't respond to ARP queries for the NAT address
> unless the second interface is configured with that address. The packets
> get translated but no replies ever make it back. I don't know if they're
> ever planning on fixing this issue, since it's well-rooted in how the BSD
> IP stack and firewall software works.

Well, where I'm at now is this:

(internet)--(ISP Router)--1(linux router)2--/switch/--(public net)
                                 0\
                                   \-(nat, priv net)

where eth1 & eth2 are bound to the bridge interface br0

Everything works fine, but I've found no way to inspect packets with
iptables/netfilter based on destination IP address. I found a patch
from the bridge.sourceforge.net site and applied it, but haven't had a
chance to reboot and re-set up everything. But it claims to work, so
we'll see.

But the NAT'd public network is working fine.

Thanks,
Bill

> But Linux's networking code is totally different, so perhaps you won't
> have that problem.
>
>

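For readers who want to reproduce the layout above, here is a rule set for it: eth1 and eth2 bridged as br0 (ISP router on one side, the public switch on the other) and eth0 carrying a routed, NAT'd private net. This is an added example, not Bill's or Andrew's configuration. It assumes a 2.4 kernel with the bridge-nf patch from bridge.sourceforge.net applied (presumably the patch referred to above; bridge-nf became part of mainline in 2.6), which is what makes bridged frames traverse the iptables FORWARD chain and adds the physdev match, so that a rule can match on destination IP for traffic that is bridged rather than routed. The interface names, the 192.168.1.0/24 private net, the 203.0.113.10 web host, the port numbers and the /proc sysctl name are all assumptions; br0 is assumed to hold the box's own public address, which is what the MASQUERADE target uses. The script only prints the commands by default; run it as root with the argument `apply` to execute them.

```shell
#!/bin/sh
# Added example for the bridge-plus-NAT layout in the message. Not from the
# original post. Assumes bridge-nf (physdev match) is available; interface
# names, addresses and ports below are constructed for illustration.

PUB_IF_IN=eth1          # bridge port facing the ISP router
PUB_IF_OUT=eth2         # bridge port facing the public switch
PRIV_IF=eth0            # routed private LAN (not part of the bridge)
BR=br0
PRIV_NET=192.168.1.0/24 # assumed private net behind eth0
WEB_HOST=203.0.113.10   # assumed public host behind the bridge (TEST-NET-3)

# Build the bridge: both public ports get no address of their own; br0
# carries the box's public address (assigned separately, not shown here).
bridge_cmds() {
  echo "brctl addbr $BR"
  echo "brctl addif $BR $PUB_IF_IN"
  echo "brctl addif $BR $PUB_IF_OUT"
  echo "ifconfig $PUB_IF_IN 0.0.0.0 up"
  echo "ifconfig $PUB_IF_OUT 0.0.0.0 up"
  echo "ifconfig $BR up"
  # Hand bridged frames to iptables (bridge-nf). The sysctl name is the one
  # mainline 2.6 uses; it is an assumption for the 2.4 patch.
  echo "echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables"
}

# Filtering on the bridged path: default deny, stateful allow, and the
# destination-IP match the post is after, tied to the physical in/out ports.
filter_cmds() {
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # Inbound from the ISP side: only HTTP/HTTPS to the assumed web host.
  echo "iptables -A FORWARD -m physdev --physdev-in $PUB_IF_IN --physdev-out $PUB_IF_OUT -d $WEB_HOST -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT"
  # Outbound from the public switch toward the ISP router is unrestricted.
  echo "iptables -A FORWARD -m physdev --physdev-in $PUB_IF_OUT --physdev-out $PUB_IF_IN -j ACCEPT"
}

# The private net is routed through the box, not bridged, so it is forwarded
# and masqueraded behind br0's address.
nat_cmds() {
  echo "iptables -A FORWARD -i $PRIV_IF -o $BR -s $PRIV_NET -m state --state NEW -j ACCEPT"
  echo "iptables -t nat -A POSTROUTING -s $PRIV_NET -o $BR -j MASQUERADE"
  echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

all_cmds() {
  bridge_cmds
  filter_cmds
  nat_cmds
}

# Sanity check: how many filter rules actually match on the destination IP.
dst_ip_rules() {
  filter_cmds | grep -c -- "-d $WEB_HOST"
}

case "${1:-}" in
  apply) all_cmds | sh ;;   # execute as root
  *)     all_cmds ;;        # default: print the commands only
esac
```

Note that a rule matching only `-i eth1` would not see the bridged frames; it is the `-m physdev --physdev-in`/`--physdev-out` pair that identifies the bridge port a frame arrived on and will leave by, and `-d` then does the destination-IP test on it.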


This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:01:46 EDT