IP access restriction
Stewart Nelson
sn at scgroup.com
Wed Oct 13 09:55:14 UTC 2004
> I take it your using NAT, in this instance it needs to be a bridge type of
> function.
Well, maybe not. IMO, you have several choices:
1. Implement a bridging firewall. A good description is at
http://linuxgazette.net/issue76/whitmarsh.html
but it appears that in 2.6 you don't need the patch any more. See
http://www.linuxquestions.org/questions/archive/4/2004/08/2/214133
2. Make a pseudo-bridge with proxy-arp. See
http://www.linuxforum.com/linux-advanced-routing/lartc.bridging.html
3. Have the ISP assign an additional /30 and a static route, so
your buddy can have a conventional border router.
4. He may already have a router and not know it :) In which case
you can just add the firewall rules to it, or replace it with
a fedora box.
--Stewart
More information about the users
mailing list