Great Circle Associates Firewalls
(August 1996)

Subject: Re: Single IP IP filter
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Fri, 9 Aug 1996 21:29:01 +1000 (EST)
To: gunni @ if . is (Gunnar Ingvi Thorisson)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <199608081630 . QAA30710 @ linda . if . is> from "Gunnar Ingvi Thorisson" at Aug 8, 96 04:30:12 pm

In some mail from Gunnar Ingvi Thorisson, sie said:
> 
> Does anyone know if DrawBridge is able to filter IP packets for one IP 
> address rather than the whole subnet? I'm looking for a product that is 
> able to pick up a packet if it matches the IP of a single host and route 
> it to another ethernet network.
> 
> 
>     Network A      |   Network B               |        Network C
>                    |                           |
>                    |                           |
>              .-----------.             .----------------.
>              | IP filter | --------->  | Firewall/Proxy |
>              `-----------'             `----------------'
>              eth0  | eth1         eth0=        | eth1 = 192.168.100.200
>   Network =        |              192.168.1.1  | 
>   192.168.1.0      |                           |
> 
> The IP filter shouldn't have to have any IP addresses; if it sees a packet 
> that is addressed to the firewall's eth interface 0 (192.168.1.1), which is 
> on the 192.168.1.0 network (the IP filter's eth0), it copies the packet to 
> the eth1 interface, and vice versa. It uses an access list. Does such a 
> product exist? Is it possible, by the way?

Sounds like you're after a bridge with IP filtering capabilities.

However, I suspect that IP Filter _may_ be able to work this way, but you'd
need to set up fake ARP entries in your kernels/routers.  How can it do
this?  It can do limited bridging/routing so long as the packets come
in the interface in non-promiscuous mode (and are IP).  I don't know of
anyone using that exact scenario, but it allows this to make it
invisible to traceroute-style tools.  It runs best on a FreeBSD or NetBSD
Unix box and has fully fledged access control lists for TCP/IP filtering.

http://coombs.anu.edu.au/~avalon/ip-filter.html

Darren
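As an added illustration (not part of Darren's reply and not shipped with IP Filter), here is what an ipf ruleset for the filtering box in Gunnar's diagram could look like: the addresses come from the diagram, while the interface names ed0/ed1 and the permitted services are assumptions.

```ipf
# Added example ruleset for the IP filter box in the diagram (not from the
# original thread).  Assumptions: ed0 faces Network A (192.168.1.0), ed1
# faces the firewall's eth0 (192.168.1.1); only SMTP, HTTP and ping are
# meant to reach the firewall.  The static ARP entries Darren mentions
# (pointing 192.168.1.1 at this box on the Network A side) are configured
# on the neighbouring hosts/routers, not in this file.

# Default policy: anything arriving on either interface that is not
# matched by a later "quick" rule is logged and dropped.  Without "quick",
# the last matching rule wins, so these act as the fallback.
block in log on ed0 all
block in log on ed1 all

# Only traffic addressed to the single firewall interface may cross from
# Network A towards the firewall, and only for the listed services.
# "keep state" lets the firewall's replies come back through ed1 without a
# separate rule, so nothing else originating on the firewall side passes.
pass in quick on ed0 proto tcp from any to 192.168.1.1/32 port = 25 flags S keep state
pass in quick on ed0 proto tcp from any to 192.168.1.1/32 port = 80 flags S keep state
pass in quick on ed0 proto icmp from any to 192.168.1.1/32 icmp-type 8 keep state

# Packets for any other host on 192.168.1.0 never get forwarded: they fall
# through to the "block in log on ed0 all" fallback above.

# Outbound filtering is not needed here; the decision is made on the way in.
pass out quick on ed0 all
pass out quick on ed1 all
```

Load it with ipf -Fa -f on the filter box and check that the log shows drops for anything other than the three permitted services to 192.168.1.1.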