<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>Ethernet Bridge + netfilter Howto: Introduction</TITLE>
 <LINK HREF="Ethernet-Bridge-netfilter-HOWTO-2.html" REL=next>

 <LINK HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Ethernet-Bridge-netfilter-HOWTO-2.html">Next</A>
Previous
<A HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1">Introduction</A></H2>

<P>Ethernet bridges connect two or more distinct ethernet segments transparently.<BR>
An ethernet bridge distributes ethernet frames coming in on one port to the other 
ports associated with the bridge interface. It does this with some 
intelligence: whenever the bridge knows on which port the destination MAC address 
of a frame is located, it forwards the frame to that port only 
instead of polluting all the other ports. </P>
<P>Ethernet interfaces can be added to an existing bridge interface 
and then become (logical) ports of the bridge interface.</P>
<P>Putting a netfilter structure on top of a bridge interface makes the 
bridge capable of filtering the traffic it forwards. This way, a 
transparent filtering instance can be created. It does not even need an IP 
address assigned to work. Of course, you can assign an IP address to the bridge 
interface for maintenance purposes (reachable with ssh only, certainly ;-).</P>
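<P>The two mechanisms described above, MAC learning and a filter on the forwarding path, as an added example that is not part of the original HOWTO. It is a simplified model, not the kernel's code path; the class and function names, port names, MAC addresses and the telnet rule are constructed for illustration.</P>

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str        # source MAC address
    dst: str        # destination MAC address
    dport: int = 0  # TCP destination port in the payload (0 = not TCP)

class Bridge:
    """Toy learning bridge with a filter hook; it has no IP address of its own."""

    def __init__(self, ports, forward_filter=None):
        self.ports = list(ports)
        self.fdb = {}  # forwarding database: MAC address -> port last seen on
        self.forward_filter = forward_filter or (lambda frame: True)

    def receive(self, in_port, frame):
        """Return the list of ports the frame is sent out on."""
        self.fdb[frame.src] = in_port           # learn where the sender lives
        if not self.forward_filter(frame):      # filtering decision
            return []
        out = self.fdb.get(frame.dst)
        if frame.dst != BROADCAST and out is not None:
            # Destination known: deliver to that single port only.
            return [] if out == in_port else [out]
        # Destination unknown or broadcast: flood every other port.
        return [p for p in self.ports if p != in_port]

def drop_telnet(frame):
    """Constructed sample policy: refuse to forward TCP port 23."""
    return frame.dport != 23

def demo():
    br = Bridge(["eth0", "eth1", "eth2"], forward_filter=drop_telnet)
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed MACs
    return [
        br.receive("eth0", Frame(a, b, 80)),  # b not learned yet: flooded
        br.receive("eth1", Frame(b, a, 80)),  # a already learned: eth0 only
        br.receive("eth0", Frame(a, b, 80)),  # b now learned: eth1 only
        br.receive("eth0", Frame(a, b, 23)),  # blocked by the filter
    ]

if __name__ == "__main__":
    for out_ports in demo():
        print(out_ports)
```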
<P>The advantage of this system is evident. Transparency relieves the network 
administrator of the pain of restructuring the network topology. Users may 
not notice the existence of the bridge at all, only that their connection is being 
blocked. Also, users are not disturbed while working (think of a company where 
loss of the network connection costs a lot).</P>
<P>The other common case is a client being connected to the global web via a 
leased router. As providers seldom grant administration privileges on 
the hardware they lease, the client cannot change the interconnecting 
configuration. But, of course, the client has a network running and wants 
to spend as little as possible; he does not want to reconfigure his entire 
network. And he does not need to if he uses a bridging device.</P>



<HR>
<A HREF="Ethernet-Bridge-netfilter-HOWTO-2.html">Next</A>
Previous
<A HREF="Ethernet-Bridge-netfilter-HOWTO.html#toc1">Contents</A>
</BODY>
</HTML>