F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
113
10.2.3
Transparent Proxy – Bridge Mode
F-Secure Internet Gatekeeper for Linux can also operate as a bridge while acting as a transparent
proxy. If you configure the product in bridge mode, virus scanning functions can be provided to clients
without having to change any settings on clients and networks.
In order to set up a transparent proxy in bridge-mode, you need to set up an Internet Gatekeeper
computer that has 2 or more interfaces and place it between clients and servers. You may need to
recompile the Linux kernel if the bridging functionality is not enabled by default in your distribution, or if
you use Linux version 2.4. Because the product works as a bridge, both of the interfaces, while on
different physical networks, are on the same logical IP network.
SERVER:110
9110
SERVER: Server (HTTP, SMTP, POP)
192.168.1.12
: Client
192.168.1.11
: Client
192.168.1.10
: Client
FSIGK:9110
SERVER:110
1
Internet Gatekeeper
service
(fsigk)
4
*:110=>FSIGK:9110
NAT table
(iptables)
3
FSIGK(192.168.1.2): Internet Gatekeeper Service
: Top-level router
192.168.1.1: Lower-level router
Internet
SERVER:110
Br idge (br0) /
192.168.1.2
Eth1
Eth0
2