<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>Ethernet Bridge + netfilter Howto: Introduction</TITLE>
<LINK HREF="Ethernet-Bridge-netfilter-HOWTO-2.html" REL=next>

<LINK HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Ethernet-Bridge-netfilter-HOWTO-2.html">Next</A>
Previous
<A HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1">Introduction</A></H2>

<P>Ethernet bridges connect two or more distinct Ethernet segments transparently.<BR>
An Ethernet bridge distributes Ethernet frames coming in on one port to the other
ports associated with the bridge interface. This is done with some
intelligence: whenever the bridge knows on which port the destination MAC
address of a frame is located, it forwards the frame to that port only
instead of polluting all ports together.</P>
<P>Ethernet interfaces can be added to an existing bridge interface
and then become (logical) ports of the bridge interface.</P>
<P>Putting a netfilter structure on top of a bridge interface makes the
bridge capable of filtering. This way, a
transparent filtering instance can be created. It does not even need an IP
address assigned to work. Of course, you can assign an IP address to the bridge
interface for maintenance purposes (certainly, with ssh only ;-).</P>
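<P>The following sketch is an added illustration, not part of the original HOWTO and not the kernel's bridge code: a toy learning bridge that floods frames for unknown destinations, forwards to a single port once the destination MAC has been learned, and consults a filter hook before forwarding. The class name, port names, MAC addresses, payloads and the "no telnet" policy are all constructed for the example.</P>

```python
# Added illustration (not the kernel's bridge code): a toy learning bridge
# with an optional filter hook. Port names, MACs and payloads are constructed.
from typing import Callable, Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = Tuple[str, str, str]  # (source MAC, destination MAC, payload)


class LearningBridge:
    def __init__(self, ports: List[str],
                 allow: Optional[Callable[[str, Frame], bool]] = None):
        self.ports = list(ports)
        self.fdb: Dict[str, str] = {}  # forwarding table: MAC -> port
        # Filter hook: return False to drop. Default: forward everything.
        self.allow = allow if allow is not None else (lambda port, frame: True)

    def receive(self, in_port: str, frame: Frame) -> List[str]:
        """Process one frame and return the ports it is sent out on."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not a port of this bridge")
        src, dst, _payload = frame
        self.fdb[src] = in_port  # learn which port the sender is on
        if not self.allow(in_port, frame):
            return []  # filtered: the frame is dropped
        out_port = self.fdb.get(dst)
        if dst == BROADCAST or out_port is None:
            # Unknown destination: flood to every port except the ingress one.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination is on the same segment
        return [out_port]  # known destination: exactly one port


def demo() -> List[List[str]]:
    # Hypothetical policy: drop any frame whose payload mentions telnet.
    def no_telnet(port: str, frame: Frame) -> bool:
        return "telnet" not in frame[2]

    bridge = LearningBridge(["eth0", "eth1", "eth2"], allow=no_telnet)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    return [
        bridge.receive("eth0", (a, b, "hello")),   # b unknown: flooded
        bridge.receive("eth1", (b, a, "reply")),   # a was learned on eth0
        bridge.receive("eth0", (a, b, "hello")),   # b was learned on eth1
        bridge.receive("eth0", (a, b, "telnet")),  # dropped by the filter
    ]

if __name__ == "__main__":
    for sent_to in demo():
        print(sent_to)
```

<P>In this sketch the bridge learns the source address before the filter runs; that ordering is a choice made for the example.</P>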
<P>The advantage of this system is evident. Transparency relieves the network
administrator of the pain of restructuring the network topology. Users may
not notice the existence of the bridge, only that their connection is being
blocked. Also, users are not disturbed while working (think of a company where
network connection loss costs a lot).</P>
<P>The other common case is a client being connected to the global web via a
leased router. As providers seldom grant administration privileges on
their leased hardware, the client cannot change the interconnecting
configuration. But, of course, the client has a network running and wants
to spend as little as possible; he does not want to reconfigure his entire
network. And he does not need to if he uses a bridging device.</P>

<HR>
<A HREF="Ethernet-Bridge-netfilter-HOWTO-2.html">Next</A>
Previous
<A HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1">Contents</A>
</BODY>
</HTML>