Is possible to use astaro in transparent mode? I need to install Astaro with the same class of ip address in internal and external Interface. Obciusly i cannot use Nat/masquerading...
I'm assuming you mean using it in bridge mode.
No, ASL cannot be used this way.
You can build your own bridge firewall, it isn't all that difficult now that the 2.6 kernel has the bridge-netfilter functionality built into the kernel as well as iptables and ebtables. There's also a precompiled Redhat kernel available that has the br-nf patch pre-applied. I used the same thing at home between my ASL and linksys router before IPS/Snort was included in the ASL product.
this link has a ton of useful information about building a bridge-firewall.
http://www.honeynet.org/tools/index.html
[ QUOTE ] I need to install Astaro with the same class of ip address in internal and external Interface. Obciusly i cannot use Nat/masquerading...
[/ QUOTE ]
If you could explain why such an arrangement is necessary, maybe we could come up with some ideas for you. Astaro, like virtually all firewalls, is a router.
Hi, i'm trying to do the same thing for a class project. on the inside of astaro I have clients and servers (dns, apache, mail) that are using the 192.168.x.x address space the problem comes when other groups try to access my services from the outside interface of astaro, those groups are alos using the 192.168.x.x address space. I could use a different addressing scheme like 10.x.x.x on the inside and that would work with nat/masq. but a transparent bridge would be ideal because it saves me the hassle of re-addressing the servers and clients. any ideas?
It's getting complicated, but you can use an intermediary routing appliance to NAT from a 192 to a 10 for Astaro. That's a hassle if you're firewalling services because then you have to program two sets of DNAT rules...
