Hi,

I'm very much a newbie with internet security so I'd like some advice on what would best suit my needs.

I have several workstations/servers all with a real-ip coutesey of my ADSL router acting in real-ip mode - So each machine has a totally "open" connection to the internet. With at least a few of my machines being on 24/7 I would like to create a hardware firewall that will protect the machines.

I obviously don't want NAT as I need different things for each IP, is it possible to create a "packet-inspector" that will look at data sent to my various IP's and decide if it's suitible for the machine (Based on a rule-set for each IP).

If what I've described isn't what's best for my needs please suggest something else as I am really new to this!

If anyone has any comments/suggestions or even links to building no-NAT firewalls please post

Thanks for reading.

-=R4z0r

probably the best thing is a bridge

It can be totally transparent, and can be setup to filter with iptables


you could also assign it an ip address if you want, so you can login to it

Thanks for the speedy reply, what exactly is a bridge will it let me do what I suggested or is it somehting differently?

Sorry to be a pain but I'm quite new at this and I like to understand things!

maybe you can use this

http://www.linuxquestions.org/questi...451#post188451





the bridge takes about 60 seconds to come up, you can setup your scripts to set the ip if you want one, otherwise you don't really need to.

anything hitting one interface comes out the other.


the kernel must have it enabled