Re: Setting up firewall on 2 interface within same subnet?

>>>>> "Jason" == "Jason Chan <MIS Dept.>" <jsonchan@ebhk.com.hk> writes:

  Jason> Hi all, I have a few things to clarify on configuring
  Jason> firewall on the same subnet.


  Jason> I have 2 interfaces on this Linux-Box. Which I am trying to
  Jason> configure the same interface on the same subnet. Is it
  Jason> possible? Do I need to segment them on 2 diff subnet? pls
  Jason> explain if there is no possibilities to install a firewall
  Jason> with 2 interfaces on the same subnet(shown below).

You should be able to do this with arp and a couple of host routes:

# Setting up arp tables for your internal hosts 
# (eth0=external NIC, eth1=internal NIC)
arp -i eth0 -Ds eth1 pub
arp -i eth0 -Ds eth1 pub
route add -host dev eth1
route add -host dev eth1

# Setting up arp table for hosts on the same segment, but outside the fw
# else the internal hosts wouldn't be able to see them.
arp -i eth1 -Ds eth0 pub 
arp -i eth1 -Ds eth0 pub 
arp -i eth1 -Ds eth0 pub 
.... and so on

Default gw at your internal hosts should be the IP at the external
NIC at your fw (
Default gw at your fw should be

Mvh Claus Albøge
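
The proxy-ARP and host-route commands described in the reply above, as an added example that is not part of the original message: the function names are hypothetical, the addresses are constructed from the 192.0.2.0/24 documentation range, and the script prints the commands for review rather than running them.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them.
EXT_IF=eth0   # external NIC, as in the post
INT_IF=eth1   # internal NIC, as in the post

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reject the whole list if any address is malformed, so that a typo never
# leaves a half-built rule set on the firewall.
check_all() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
}

# Hosts behind the firewall: answer ARP for them on the external NIC and
# add a host route so the firewall reaches them through the internal NIC.
emit_internal() {
    check_all "$@" || return 1
    for ip in "$@"; do echo "arp -i $EXT_IF -Ds $ip $INT_IF pub"; done
    for ip in "$@"; do echo "route add -host $ip dev $INT_IF"; done
}

# Hosts on the same segment but outside the firewall: answer ARP for them
# on the internal NIC so the internal hosts can still see them.
emit_outside() {
    check_all "$@" || return 1
    for ip in "$@"; do echo "arp -i $INT_IF -Ds $ip $EXT_IF pub"; done
}

# Constructed sample addresses (192.0.2.0/24 is reserved for documentation).
emit_internal 192.0.2.10 192.0.2.11
emit_outside 192.0.2.1 192.0.2.20
```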

