Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Bridging firewall
- Thread starter TheGrey
- Start date
I'm not sure I follow you. Is this just a matter of which rules you loaded for ipfw, or is there a kernel setting that just uses ipfw for bridging, without enabling the firewall. If so, I have never heard of this.
OTOH, if you have just loaded the minimal ruleset to do address translation, without firewall rules, well, that is more secure than NO firewall, but still, it allows network traffic on any port, from any IP address, in or out. The only security here is that no outside agent can know the internal address of your other workstations on the network. But, if any trojan virus infects a workstation, it can communicate to the outside world through any port it wants. Also, with a minimal ruleset, you are probably not doing any logging, which can help you identify when problems or attacks occur.
Consider it "halfway" secure. Not necessarily bad, but not exactly a locked fortress. -------------------------------------------
"Calculus is just the meaningless manipulation of higher symbols"
-unknown F student
OTOH, if you have just loaded the minimal ruleset to do address translation, without firewall rules, well, that is more secure than NO firewall, but still, it allows network traffic on any port, from any IP address, in or out. The only security here is that no outside agent can know the internal address of your other workstations on the network. But, if any trojan virus infects a workstation, it can communicate to the outside world through any port it wants. Also, with a minimal ruleset, you are probably not doing any logging, which can help you identify when problems or attacks occur.
Consider it "halfway" secure. Not necessarily bad, but not exactly a locked fortress. -------------------------------------------
"Calculus is just the meaningless manipulation of higher symbols"
-unknown F student
- Thread starter
- #3
ok, let me put it like this:
lets say i have a totally blocked firewall, deny all ip, tcp, udp , icmp - in and out
is there any way to send an ethernet packet trough, making the recieving computer on the other side open it as an ip-packet? for instance somehow hiding the ip packet in an ethernet packet through the firewall.
the bridge is transparent, and does not necessarily have an ip address at all.
lets say i have a totally blocked firewall, deny all ip, tcp, udp , icmp - in and out
is there any way to send an ethernet packet trough, making the recieving computer on the other side open it as an ip-packet? for instance somehow hiding the ip packet in an ethernet packet through the firewall.
the bridge is transparent, and does not necessarily have an ip address at all.
- Status
Similar threads
- Locked
- Question
