From: Mohamed Eldesoky <eldesoky.lists@gmail.com>
To: traef06@ebasedsecurity.com, netfilter <netfilter@lists.netfilter.org>
Subject: Re: Management of bridged iptables
Date: Fri, 29 Apr 2005 00:50:04 +0200 [thread overview]
Message-ID: <1403218a05042815502d3fe194@mail.gmail.com> (raw)
In-Reply-To: <0380eb44cd704cf780c1fd7f71cece5e@ebasedsecurity.com>
Why don't you give the br0 an IP !!?
On 4/27/05, traef06@ebasedsecurity.com <traef06@ebasedsecurity.com> wrote:
> Thank you.
>
> So, just for my clarification, if I have eth0 (outside interface) and eth1 as my internal interface and they both
> are used to form br0, I could assign eth0 an external IP address so that I can ssh into the box for management?
>
> Am I following his correctly?
>
> Then can I also assign eth1 an internal IP address so that I can manage it from within as well? This won't harm the bridge
> interface br0?
>
> Thank you in advance for all your assistance.
>
>
> Thomas J. Raef
> e-Based Security, Inc.
> "You're either hardened, or you're hacked!"
>
> -------- Original Message --------
> > From: Mohamed Eldesoky <eldesoky.lists@gmail.com>
> > Sent: Tuesday, April 26, 2005 3:32 AM
> > To: traef06@ebasedsecurity.com
> > Subject: Re: Management of bridged iptables
> >
> > You can give the firewall an IP address, on any interface, whether
> > part of the bridge or not part of the bridge.
> > This will still keep the firewall stealthy (not shown in traceroutes),
> > as that IP is not a gateway for any server !!
> >
> > On 4/26/05, traef06@ebasedsecurity.com <traef06@ebasedsecurity.com> wrote:
> > > I've been scouring Google searches looking for an answer. If this is the wrong forum, please forgive me.
> > >
> > > I want to be able to setup iptables and I guess ebtables for a bridged firewall. My problem is that I also need to be able
> > > to manage this remotely like with ssh or something.
> > >
> > > How do I do this and still be able to maintain a "stealthy" firewall?
> > >
> > > Thank you in advance for any help.
> > >
> > > Thomas J. Raef
> > > e-Based Security, Inc.
> > > "You're either hardened, or you're hacked!"
> > >
> > >
> >
> >
> > --
> > Mohamed Eldesoky
> > www.eldesoky.net
> > RHCE
>
>
--
Mohamed Eldesoky
www.eldesoky.net
RHCE
next prev parent reply other threads:[~2005-04-28 22:50 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-27 12:12 Management of bridged iptables traef06
2005-04-28 22:50 ` Mohamed Eldesoky [this message]
2005-04-28 23:17 ` Taylor, Grant
-- strict thread matches above, loose matches on Subject: below --
2005-04-26 10:10 traef06
2005-04-26 10:21 ` Rob Sterenborg
2005-04-26 10:33 ` Mohamed Eldesoky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1403218a05042815502d3fe194@mail.gmail.com \
--to=eldesoky.lists@gmail.com \
--cc=netfilter@lists.netfilter.org \
--cc=traef06@ebasedsecurity.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox