 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Setting M0n0wall as Transparenet Firewall
 Date:  Mon, 26 Sep 2005 17:02:42 -0400
On 9/26/05, Steve Yates <steve at teamits dot com> wrote:
> On Mon, 26 Sep 2005 16:12:24 -0400
> Chris Buechler <cbuechler at gmail dot com> wrote:
>
> > the answer to "can m0n0wall be set up as transparent?" is
> > "act in bridge mode".
>
>         A question about this...I was under the impression that a
> transparent firewall had no IP address?
>

Depends on who you ask.  Most commercial firewalls (all that I've
seen, but I'm sure there are some I haven't seen that differ) are
referring to something exactly like the example configuration I
posted, where the firewall is "transparent" between the protected
hosts and the Internet, but indeed does have an IP address on it for
management and other purposes.

The IP address is important because (assuming you have the LAN plugged
into nothing as that example describes) without it you can't change
the configuration, synchronize time, or syslog off to another host. 
The last two are two critical functions of any firewall - logging to a
separate box, with accurate timestamps.  And m0n0wall doesn't have
sufficient console capabilities for operation without the webGUI.

You can do it IP-less with most devices, but it's not the best way to
do it even on devices you can fully administer from the console
(again, NTP and syslog, at a minimum, are why).

-Chris