Transparent Bridge Firewall
Asked by seanostephens
Hi, I have a transparent bridge in front of my network. Behind it are about 10 servers, all services from web to mail to ftp to MySQL. I am trying to implement a firewall on the bridge. The only problem is I can't get the firewall to pass the bridged packets unless I allow all bridged packets through. Now if I do that then there is no point in having a firewall there because all the packets are going to be bridged. What am I doing wrong? Here are the rules I have so far:
00500 allow udp from any 53 to any 1024-65535 bridged
00550 allow log udp from any to any 53 bridged
00557 allow log tcp from any 25,80,443 to any bridged
00578 allow log tcp from any to any 25,80,443 bridged
00579 allow log icmp from any to any bridged icmptypes 0,3,4,5,8,9,10,11,12,13,14,15,16,17,18
65534 deny log ip from any to any
These rules don't allow me to view a website or get mail from a server behind the bridge.
In the firewall log I get tons of these:
65534 Deny MAC in via dev0
All I would like to know how to do is pass the services through the bridge but block all other ports that I don't specifically open.
Any help is greatly appreciated.
Cheers
SOLUTION
ASKER CERTIFIED SOLUTION
ASKER
Yup, you're right on. I don't know if the device possesses knowledge of the firewall??? How would I find out? The bridge is the same machine as the firewall, so how would it not know?
ASKER
##### allow ip from any to any bridged.
then the firewall lets me through. However I do believe that this is pointless, because all the packets that come through are going to be bridged. So the firewall would be useless? Right?
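As an added example (not code from the thread or from its hidden answers), here is one way to build the filtering-bridge ruleset the question and the last reply are about: pass everything on ipfw's layer-2 pass, which is where the "Deny MAC" log lines come from, and do the real filtering on the layer-3 pass, so a blanket "allow ... bridged" rule does not make the firewall useless. It assumes FreeBSD ipfw with the two sysctls named in the comments; `layer2` is the keyword ipfw(8) documents, with `bridged` as its older alias.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes FreeBSD ipfw on a bridge where,
# with both sysctls below set, every bridged packet visits the firewall twice:
# once as a raw Ethernet frame ("layer2" rules; "bridged" is the older alias)
# and once as an IP packet. Frames rejected on the layer-2 pass are logged as
# "Deny MAC ...": ARP and the layer-2 copy of every IP packet match none of
# the tcp/udp/icmp rules and fall through to the final deny, so nothing
# crosses the bridge. Assumed sysctls (e.g. in /etc/sysctl.conf):
#   net.link.ether.ipfw=1          # hand layer-2 frames to ipfw
#   net.link.ether.bridge_ipfw=1   # hand bridged IP packets to ipfw

# Print the ruleset instead of applying it, so it can be reviewed first.
bridge_rules() {
    cat <<'EOF'
flush
# Layer-2 pass: let every frame through (ARP included). Filtering happens
# once, on the IP copy of each packet below.
add 00100 allow ip from any to any layer2
# Layer-3 pass: only the published services reach the servers behind the
# bridge (same services as the question; ICMP narrowed to echo, echo reply,
# unreachable and time exceeded).
add 00500 allow udp from any 53 to any 1024-65535
add 00550 allow log udp from any to any 53
add 00557 allow log tcp from any 25,80,443 to any
add 00578 allow log tcp from any to any 25,80,443
add 00579 allow log icmp from any to any icmptypes 0,3,8,11
# Anything else, in either direction, is dropped and logged.
add 65534 deny log ip from any to any
EOF
}

# Sanity check on the generated set: exactly one layer-2 pass-through rule.
layer2_rule_count() {
    bridge_rules | grep -c 'layer2'
}

bridge_rules
```

To load it on the bridge host, pipe the output into `ipfw -q /dev/stdin`; after that, "Deny MAC" entries should stop and the log should show only layer-3 denies for ports you did not open.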