* firewalling PPPOE stream without terminating it
From: Chris Friesen @ 2003-09-12 14:32 UTC (permalink / raw)
To: netdev, linux-kernel
I've got a PPPOE DSL line coming into my house, and I and my roommates
each terminate our own connection and get our own dynamic IP address.
With the recent bunch of viruses/worms, a couple of us were thinking
about setting up a box as a transparent firewalling bridge. The only
tricky bit is that we don't want to terminate the PPPOE connection at
that box, since that would then force us to do NAT/ipmasq.
Does anyone know of any way to filter the contents of a tunnelled packet
(PPPOE in particular) using standard tools like ebtables/iptables?
The other possibility I had considered was a netfilter module that tied
into the ebtables hooks and knew how to look inside the PPPOE packet,
but then I wouldn't get the userspace interface from ebtables/iptables.
Chris
--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: cfriesen@nortelnetworks.com
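What a bridge has to do to filter inside the tunnel, as an added example that is not part of the original post or of ebtables/iptables: find the IPv4 header behind the Ethernet, PPPoE session and PPP headers and read the ports. The names `pppoe_inner` and `should_drop`, the blocked port and the sample frame are constructed for illustration, and the code assumes an untagged Ethernet frame with an uncompressed two-byte PPP protocol field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct inner { uint16_t session, sport, dport; uint8_t proto; uint32_t src, dst; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* 0: IPv4 found, *out filled; -1: not an IPv4 PPPoE session frame; -2: truncated or malformed. */
int pppoe_inner(const uint8_t *f, size_t len, struct inner *out)
{
    if (len < 14) return -2;
    if (be16(f + 12) != 0x8864) return -1;        /* 0x8864 = session stage, 0x8863 = discovery */
    if (len < 14 + 6 + 2) return -2;
    const uint8_t *p = f + 14;                    /* PPPoE: ver/type, code, session id, length */
    if (p[0] != 0x11 || p[1] != 0x00) return -1;  /* code 0x00 = session data */
    size_t plen = be16(p + 4);                    /* PPP payload length, protocol field included */
    if (plen < 2 || plen > len - 20) return -2;   /* length field must fit the frame we hold */
    if (be16(p + 6) != 0x0021) return -1;         /* 0x0021 = IPv4; LCP, IPCP, IPv6 not parsed here */
    const uint8_t *ip = p + 8;
    size_t iplen = plen - 2;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -2;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > iplen) return -2;
    out->session = be16(p + 2);
    out->proto = ip[9];
    out->src = be32(ip + 12); out->dst = be32(ip + 16);
    out->sport = out->dport = 0;                  /* stay 0 for non-first fragments and non-TCP/UDP */
    if ((out->proto == 6 || out->proto == 17) && (be16(ip + 6) & 0x1fff) == 0) {
        if (iplen < ihl + 4) return -2;           /* first fragment must carry the ports */
        out->sport = be16(ip + ihl);
        out->dport = be16(ip + ihl + 2);
    }
    return 0;
}

/* Hypothetical policy: drop TCP to blocked_port, fail closed on malformed session frames. */
int should_drop(const uint8_t *f, size_t len, uint16_t blocked_port)
{
    struct inner in;
    int rc = pppoe_inner(f, len, &in);
    return rc ? rc == -2 : (in.proto == 6 && in.dport == blocked_port);
}

/* Constructed frame: session 42, 192.0.2.1:49152 -> 198.51.100.7:135/tcp; trailing bytes zero. */
static const uint8_t sample[62] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x88,0x64, 0x11,0x00, 0,42, 0,42, 0x00,0x21,
    0x45,0, 0,40, 0,0, 0x40,0, 64,6, 0,0, 192,0,2,1, 198,51,100,7, 0xc0,0x00, 0,135 };
int main(void) { printf("drop=%d\n", should_drop(sample, sizeof sample, 135)); return 0; }
```

Frames that are not IPv4 session data (discovery, LCP, IPv6) return -1 and pass this policy unfiltered, so a real filter needs an explicit decision for each of them.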
* Re: firewalling PPPOE stream without terminating it
From: Harald Welte @ 2003-09-15 10:18 UTC (permalink / raw)
To: Chris Friesen; +Cc: netdev, linux-kernel
Hi Chris!
On Fri, Sep 12, 2003 at 10:32:04AM -0400, Chris Friesen wrote:
> I've got a PPPOE DSL line coming into my house, and I and my roommates
> each terminate our own connection and get our own dynamic IP address.
So how is this question related to either
1) network development (netdev@oss.sgi.com)
2) linux-kernel development (linux-kernel@vger.kernel.org)
I would like to ask you this question at an appropriate mailing list
(netfilter@lists.netfilter.org, or the lartc mailing list [since the
assumption that you would need to do NAT in case you terminate the two
dsl lines is invalid and can be solved using policy routing + connmark]).
> Chris Friesen | MailStop: 043/33/F10
--
- Harald Welte <laforge@gnumonks.org> http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime
* Re: firewalling PPPOE stream without terminating it
From: Chris Friesen @ 2003-09-15 14:22 UTC (permalink / raw)
To: Harald Welte; +Cc: netdev, linux-kernel
Harald Welte wrote:
> So how is this question related to either
> 1) network development (netdev@oss.sgi.com)
> 2) linux-kernel development (linux-kernel@vger.kernel.org)
>
> I would like to ask you this question at an appropriate mailing list
> (netfilter@lists.netfilter.org, or the lartc mailing list
Sorry, my bad.
Thread continued on other list as suggested.
Chris
--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: cfriesen@nortelnetworks.com