Linux Journal: Building a Bridging Firewall with Linux
Mar 18, 2001, 14:46
(Other stories by Henry Stilmack)
"The Linux kernels v2.2 and higher have support for Ethernet bridging. In a bridge, all packets received by one interface are passed to the other, without regard to source or destination IP address, by examining the Ethernet MAC destination address of the packet. AC2I, a French company, distributes a kernel patch that allows the ipchains packet filter to work on the bridged interfaces. This configuration allows you to set up a firewall system that is invisible to the Internet, yet provides a high level of protection and access control for your private network. The remainder of this article explains the steps necessary to get a bridging firewall up and running."
"To perform as an effective firewall and network monitor, a CPU must be sufficiently fast. The prototype system was built on a 500MHz Celeron processor with 256MB of memory. Tests show the bridge can keep up with a fully-saturated 10MB/s Ethernet, with no lost packets. Install two additional Network Interface Cards (NICs), because you will need two for the bridge and a third for administering the firewall."