
Re: Setting up firewall on 2 interface within same subnet?



>>>>> "Jason" == "Jason Chan <MIS Dept.>" <jsonchan@ebhk.com.hk> writes:

  Jason> Hi all, I have a few things to clarify on configuring
  Jason> firewall on the same subnet.

Hi

  Jason> I have 2 interfaces on this Linux-Box. Which I am trying to
  Jason> configure the same interface on the same subnet. Is it
  Jason> possible? Do I need to segment them on 2 diff subnet? pls
  Jason> explain if there is no possibilities to install a firewall
  Jason> with 2 interfaces on the same subnet (shown below).

You should be able to do this with arp and a couple of host routes:

# Setting up arp tables for your internal hosts 
# (eth0=external NIC, eth1=internal NIC)
arp -i eth0 -Ds 201.10.10.12 eth1 pub
arp -i eth0 -Ds 201.10.10.13 eth1 pub
route add -host 201.10.10.12 dev eth1
route add -host 201.10.10.13 dev eth1

# Setting up arp table for hosts on the same segment, but outside the fw
# else the internal hosts wouldn't be able to see them.
arp -i eth1 -Ds 201.10.10.2 eth0 pub 
arp -i eth1 -Ds 201.10.10.3 eth0 pub 
arp -i eth1 -Ds 201.10.10.4 eth0 pub 
.... and so on

Default gw at your internal hosts should be the IP at the external
NIC at your fw (201.10.10.10)
Default gw at your fw should be 201.10.10.1

-- 
Mvh Claus Albøge

--
% rm -f *;o
% command not found: o
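
Added example (not part of the message above): a dry-run script that prints iproute2 counterparts of the arp/route setup in the reply for lists of inside and outside hosts, and refuses malformed or conflicting lists. The use of `ip neigh add proxy`, the /32 host routes and the forwarding sysctl are assumptions of this example about a current Linux system; interface names and addresses are the ones in the post.

```sh
#!/bin/sh
# Dry run: prints iproute2 commands for the proxy-ARP firewall, executes nothing.
EXT_IF=eth0   # external NIC, as in the post
INT_IF=eth1   # internal NIC, as in the post

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# proxy_arp_plan "INSIDE IPS" "OUTSIDE IPS": print the plan, return 1 on bad input.
proxy_arp_plan() {
    inside=$1; outside=$2
    for ip in $inside $outside; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    # An address published on both NICs would be answered for on both segments.
    for ip in $inside; do
        case " $outside " in
            *" $ip "*) echo "$ip is listed on both sides" >&2; return 1 ;;
        esac
    done
    # Assumption: the post does not mention it, but routing between NICs needs forwarding.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for ip in $inside; do
        echo "ip neigh add proxy $ip dev $EXT_IF"   # answer ARP for it outside
        echo "ip route add $ip/32 dev $INT_IF"      # host route to the inside NIC
    done
    for ip in $outside; do
        echo "ip neigh add proxy $ip dev $INT_IF"   # answer ARP for it inside
    done
}

# Addresses from the post.
proxy_arp_plan "201.10.10.12 201.10.10.13" "201.10.10.2 201.10.10.3 201.10.10.4"
```

Review the printed plan before piping it to a root shell; outside hosts get no host route here because the connected subnet route on the external NIC already covers them.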


