Re: Setting up firewall on 2 interface within same subnet?
On Fri, Oct 20, 2000 at 12:01:50PM +0200, Claus Alboege wrote:
> >>>>> "Jason" == "Jason Chan <MIS Dept.>" <jsonchan@ebhk.com.hk> writes:
>
> Jason> Hi all, I have a few things to clarify on configuring
> Jason> firewall on the same subnet.
>
> Hi
>
> Jason> I have 2 interfaces on this Linux-Box. Which I am trying to
> Jason> configure the same interface on the same subnet. Is it
> Jason> possible? Do I need to segment them on 2 diff subnet? pls
> Jason> explain if there is no possibilities to install a firewall
> Jason> with 2 interfaces on the same subnet (shown below).
>
> You should be able to do this with arp and a couple of hostroutes:
>
> # Setting up arp tables for your internal hosts
> # (eth0=external NIC, eth1=internal NIC)
> arp -i eth0 -Ds 201.10.10.12 eth1 pub
> arp -i eth0 -Ds 201.10.10.13 eth1 pub
shouldn't this be..
arp -i eth0 -D -s 201.10.10.12 eth1 pub
etc..
> route add -host 201.10.10.12 dev eth1
> route add -host 201.10.10.13 dev eth1
>
> # Setting up arp table for hosts on the same segment, but outside the fw
> # else the internal hosts wouldn't be able to see them.
> arp -i eth1 -Ds 201.10.10.2 eth0 pub
> arp -i eth1 -Ds 201.10.10.3 eth0 pub
> arp -i eth1 -Ds 201.10.10.4 eth0 pub
> .... and so on
>
> Default gw at your internal hosts should be the IP at the external
> NIC at your fw (201.10.10.10)
> Default gw at your fw should be 201.10.10.1
>
> --
> Mvh Claus Albøge
>
> --
> % rm -f *;o
> % command not found: o
>
--
+------------------------------------------------------------------------------
| Brian Russo <brusso@phys.hawaii.edu> (808) 957 2333
| University of Hawaii High Energy Physics Group
| UCE senders will be charged $100 USD under US Code Title 47, Sec.227(b)(1)(C)
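
The proxy-ARP layout quoted above, written as a dry-run generator: an added example, not part of either poster's message. It validates each address and prints the thread's `arp`/`route` lines for the thread's sample hosts; the function names and the `ip_forward` line are additions that do not appear in the thread.

```shell
#!/bin/sh
# Dry run: print, do not execute, the proxy-ARP setup quoted in the thread.
EXT_IF=eth0   # external NIC (the thread's naming)
INT_IF=eth1   # internal NIC

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# proxy_arp_plan "INSIDE HOSTS" "OUTSIDE HOSTS": emit the commands in order.
proxy_arp_plan() {
    for ip in $1 $2; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # Assumption (not in the thread): forwarding must be enabled on the box.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    for ip in $1; do
        # Publish the inside host on the outside wire, then route it inward.
        echo "arp -i $EXT_IF -Ds $ip $INT_IF pub"
        echo "route add -host $ip dev $INT_IF"
    done
    for ip in $2; do
        # Publish outside hosts on the inside wire so inside hosts can see them.
        echo "arp -i $INT_IF -Ds $ip $EXT_IF pub"
    done
}

# The thread's sample addresses.
proxy_arp_plan "201.10.10.12 201.10.10.13" "201.10.10.2 201.10.10.3 201.10.10.4"
```

Review the printed lines before piping them to a root shell; a malformed address aborts the plan before anything is printed.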