[quagga-users 9261] Re: Will Quagga do this?
bm.lists at ipgarde.com
Wed Jan 2 17:39:29 GMT 2008
In fact, we host tens of Windows servers and we do use iptables based
firewall, but I wouldn't suggest you to place the iptables on the border
routers, because of potential performance issues (firewall + bgp on the same
machine may use lots of CPU) and access / control issues.
I think that you should seperate things : routing on one side, filtering on
the other. In our own case, we use transparent firewalling, and the Windows
boxes have their own public IP addresses.
De : quagga-users-bounces at lists.quagga.net
[mailto:quagga-users-bounces at lists.quagga.net] De la part de Mike Williams
Envoyé : mercredi 2 janvier 2008 16:57
À : quagga-users at lists.quagga.net
Objet : [quagga-users 9260] Re: Will Quagga do this?
On Sunday 30 December 2007 21:53:35 Mike Williams wrote:
> and throw in some simple iptables filtering.
Thanks again to everyone who has responded to my perhaps slightly nooby
Could I just get some clarification on this one point?
It'd be nice to be able to allow only certain ports to some of the IPs in
block(s) being routed. For example, I'm half expecting one project to
some *shudder* windows machines to have real public IP addresses, but would
obviously prefer some real limitations on what ports the public internet can
Is it practical, or even recommened, to use iptables for simple filtering on
the router itself? Or perhaps is there a better way?
Quagga-users mailing list
Quagga-users at lists.quagga.net
More information about the Quagga-users