
RE: Setting up firewall on 2 interfaces within same subnet?



> I have a few things to clarify about configuring a firewall on the same subnet.
> 
> I have 2 interfaces on this Linux box, which I am trying to configure
> on the same subnet. Is it possible? Do I need to segment
> them into 2 different subnets? Please explain if there is no possibility of installing
> a firewall with 2 interfaces on the same subnet (shown below).

If you have two interfaces in the same subnet and want to "route" between both
interfaces, you need to do bridging, I think.

>                     [gateway:201.10.10.1]
>                    /
>                  /
> ----------------------------------------------
>                  |
>                  |[interface 1: 201.10.10.10]
>           ---------
>          <LINUX-BOX>
>           ---------
>                  |[interface 2: 201.10.10.11]
> -----------------------------------------------
>                  |
>          [client] {201.10.10.12-13}
>                   {gateway:201.10.10.1}

I've had a setup like this, and it was quite difficult due to the different
solutions on the internet ;)

There is a bridge+firewall HOWTO; have a look at it.

Basically you will need a kernel patch which creates a new ipchains chain
named "bridgein". There you can define rules which deny, e.g., access to
port 137 in order to protect some Windows machines.

Furthermore you will need a small program to control the bridge in user mode.
I'm not sure whether you need your Linux box to load both Ethernet cards at boot
time or if loading them as modules is sufficient (see the multiple-NIC HOWTOs for
this; it is something like adding ether=0,1,eth0 to your kernel options at boot).

Regards,  Erich
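As an added example (not part of Erich's reply or the HOWTO he refers to), here is what the same design looks like on a current Linux kernel: both NICs become ports of a bridge, the box keeps a single management address on the bridge device, and a rule in the nftables "bridge" family plays the role of the patched ipchains "bridgein" chain, dropping UDP port 137 before it crosses to the client side. The port names eth0/eth1, the bridge name br0, which NIC faces the gateway, and the availability of iproute2 and nftables are assumptions; the addresses are taken from the diagram. Set DRYRUN=1 to have the script print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): a two-NIC transparent firewall,
# the modern equivalent of the bridge + patched-ipchains "bridgein" setup
# described above. Assumptions not taken from the message: the port names
# eth0/eth1, the bridge name br0, the management address from the diagram
# (201.10.10.10/24), and that the box has iproute2 and nftables installed.
# Set DRYRUN=1 to print the commands instead of executing them.

BR=${BR:-br0}
OUTSIDE=${OUTSIDE:-eth0}            # port facing the gateway 201.10.10.1 (assumed eth0)
INSIDE=${INSIDE:-eth1}              # port facing the clients .12-.13 (assumed eth1)
MGMT_ADDR=${MGMT_ADDR:-201.10.10.10/24}
DRYRUN=${DRYRUN:-0}

# Execute a command, or print it when DRYRUN=1.
run() {
    if [ "$DRYRUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_bridge() {
    # Both NICs become ports of br0; only the bridge itself carries an IP.
    # Bridge ports have no address of their own, so the second address in
    # the diagram (.11) is not needed in this layout.
    run ip link add name "$BR" type bridge
    run ip link set "$OUTSIDE" master "$BR"
    run ip link set "$INSIDE" master "$BR"
    run ip link set "$OUTSIDE" up
    run ip link set "$INSIDE" up
    run ip addr add "$MGMT_ADDR" dev "$BR"
    run ip link set "$BR" up
}

setup_filter() {
    # The nftables "bridge" family hooks frames as they are forwarded between
    # bridge ports, which is what the "bridgein" chain gave ipchains users.
    run nft add table bridge filter
    run nft add chain bridge filter forward \
        '{ type filter hook forward priority 0; policy accept; }'
    # Drop NetBIOS name service (UDP 137) arriving on the outside port so it
    # never reaches the Windows clients behind the inside port.
    run nft add rule bridge filter forward iifname "$OUTSIDE" \
        ip protocol udp udp dport 137 drop
}

# Run "sh thisscript.sh apply" as root to configure the box; with no
# argument the functions are only defined (handy for sourcing or dry runs).
if [ "${1:-}" = apply ]; then
    setup_bridge
    setup_filter
fi
```

Because the filtering hooks the bridge forward path, no ipchains/iptables patch and no br_netfilter is required; the kernel only needs bridge and nf_tables bridge-family support. The rule is deliberately one-directional (iifname on the outside port): if the clients must also be kept from reaching port 137 elsewhere, add a matching rule for the inside port, and check the result with `nft list table bridge filter` after applying.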


