|
A bridge is an intelligent connecting wire betwen two network cards. A firewall is an intelligent insulator.
You might want a bridge if you have several computers:
``Several computers'' might be as few as three if those are routing or bridging or just moving around the room from time to time! You also might want a bridge just for the fun of finding out what it does. 2 was what I wanted a bridge for.
If you are really interested in 1, you have to be one of the very few. Check the NET-2-HOWTO and the Serial-HOWTO for better tricks.
You want a firewall if
Curiously, I needed 2 here too. Policy at my university presently is that we should not act as internet service providers to undergraduates.
I started out bridging the network cards in a firewalling machine and ended up firewalling without having cut the bridge. It seems to work and is more flexible than either configuration alone. I can take down the firewall and keep bridging or take down the bridge when I want to be more circumspect.
I would guess that the bridge code lives just above the physical device layer and the firewalling code lives one layer higher up, so that the bridging and firewalling configurations effectively act as though they are running connected together ``in sequence'' and not ``in parallel'' (ouch!). Diagram:
-> Bridge-in -> Firewall-in -> Kernel -> Firewall-out -> Bridge-out ->
There is no other way to explain how one machine can be a ``conductor'' and an ``insulator'' at the same time. There are a few caveats but I'll come to those later. Basically you must route packets that you want to firewall. Anyway, it all seems to work together nicely for me. Here is what you do ...
Hosting by: Hurra Communications Ltd.
Generated: 2007-01-26 17:58:08