  1. #1
    Just Joined!
    Join Date
    May 2007
    Posts
    4

    iptables config on a bridging firewall


    Hey guys, just looking to clear up a quick question here.

    I've been playing around with setting up a bridging firewall on a spare box. Currently have it sitting between the cable modem and my router. Everything is working nicely, except for one nagging question.

    If I understand things correctly, because the system is bridged, none of the traffic would pass through the Input/Output chains, right? All data would be passing through Forward instead, as none of the traffic is intended for the firewall box itself.

    Originally, I set the rules up based on examples I saw that didn't involve bridging, so most of the rules were applied to the Input/Output chains. In the case of a bridge, I could rewrite the rules script to replace all Input/Output with Forward (all the rules specify the in and out devices, so direction should be taken care of), drop any duplicate rules that may occur, set Input/Output to a flat deny, and I should be good to go, right?

  2. #2
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    This is a roundabout answer (since I don't know the real answer).

    If you'd like to determine this for yourself you could turn on some iptables logging temporarily to watch which chains the traffic passes through.

    Check the iptables(8) manpages and take a look at the LOG section.

    An example rule might look like:
    # iptables -I INPUT 1 -j LOG --log-level info

    (Notice how I inserted it as the first rule -- that will keep things simpler!)

    You can do the same for any other chains you want to monitor.

    Now make a slight tweak to /etc/syslog.conf. Add a line that looks like this:
    Code:
    kern.=info                                              /var/log/fw
    Next, create that log file and reload syslogd:
    # touch /var/log/fw && /etc/init.d/syslog reload

    You should be in business. You can now tail the /var/log/fw file and monitor for when traffic goes through a chain.
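    Added example, not part of anomie's post: the same LOG trick with a distinct --log-prefix per chain, plus an awk tally of the resulting /var/log/fw lines, so a bridged box shows at a glance which chain its traffic actually lands in. The FW-<chain> prefixes, the function names and the sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the /var/log/fw setup from
# the post above. Insert a LOG rule as rule 1 of INPUT, FORWARD and OUTPUT,
# each tagged with its own prefix, then count the prefixes in the log.

# Run as root. iptables caps --log-prefix at 29 characters.
add_chain_loggers() {
    for chain in INPUT FORWARD OUTPUT; do
        iptables -I "$chain" 1 -j LOG --log-level info --log-prefix "FW-$chain: "
    done
}

# Remove the temporary logging rules again once the question is answered.
remove_chain_loggers() {
    for chain in INPUT FORWARD OUTPUT; do
        iptables -D "$chain" -j LOG --log-level info --log-prefix "FW-$chain: "
    done
}

# Count log lines per chain prefix. Reads log lines on stdin and prints
# "CHAIN count" lines sorted by chain name; lines without a prefix are ignored.
tally_chains() {
    awk 'match($0, /FW-[A-Z]+: /) {
             chain = substr($0, RSTART + 3, RLENGTH - 5)
             count[chain]++
         }
         END { for (c in count) print c, count[c] }' | sort
}

# Constructed sample of what /var/log/fw might hold on a bridging box:
# bridged packets appear only under FW-FORWARD, while the one connection
# aimed at the box itself shows up under FW-INPUT.
SAMPLE_LOG='May 12 10:00:01 fw kernel: FW-FORWARD: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
May 12 10:00:01 fw kernel: FW-FORWARD: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=80
May 12 10:00:02 fw kernel: FW-FORWARD: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP DPT=53
May 12 10:00:03 fw kernel: FW-INPUT: IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22'

# Run with --demo to tally the constructed sample instead of a real log:
#   sh thisfile.sh --demo        (prints "FORWARD 3" and "INPUT 1")
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | tally_chains
fi
```

On a live box, `tail -f /var/log/fw | tally_chains` will not print until the stream ends, so run the tally over a captured slice of the file instead.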

  3. #3
    Just Joined!
    Join Date
    May 2007
    Posts
    4
    Thanks for the suggestion anomie.

    Tried that, and it turns out that everything was being pushed through the Forward chain. Went ahead and changed all the Input/Output rules to Forward, set a default Drop policy for Input/Output, and nothing seems to have broken. I'll have to play around from outside (helps to have 2 net conns) to make sure I didn't accidentally allow something I didn't want in the process =)

