After reading through the article series by Mick Bauer regarding transparent firewalls I got a bit inspired to try for myself.
I've installed ubuntu onto a machine with 3 network interfaces, and bridged these three interfaces to one common bridge.
I've copied the iptables-script from part V in the series, but re-written it due to the fact that I in my installation will be unable to sort traffic based on ip.
I will not know which addresses will be used on either side of the firewall, so I'll have to sort my traffic on some other variable.
I was thinking that I could sort the traffic based on PHYSIN and PHYSOUT in iptables, but -i and -o does not seem to do that.
As an example I've created the following rule:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
But I still get the following in my kernel log:
floyd kernel: [269519.979985] Dropped by default (FORWARD): IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.113 DST=126.96.36.199 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31771 DF PROTO=TCP SPT=35727 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Which as far as I can figure should be allowed by the rule.
What can I do to sort the traffic based on the physical interface?
|Non-Linux FOSS: libnotify, OS X Style||Jun 18, 2013|
|Containers—Not Virtual Machines—Are the Future Cloud||Jun 17, 2013|
|Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer||Jun 12, 2013|
|Weechat, Irssi's Little Brother||Jun 11, 2013|
|One Tail Just Isn't Enough||Jun 07, 2013|
|Introduction to MapReduce with Hadoop on Linux||Jun 05, 2013|
- Containers—Not Virtual Machines—Are the Future Cloud
- Non-Linux FOSS: libnotify, OS X Style
- Linux Systems Administrator
- Validate an E-Mail Address with PHP, the Right Way
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- RSS Feeds
- Introduction to MapReduce with Hadoop on Linux
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?