
Firewall/Router on same Subnet?



Here's what you should know:
=============================
iptables
Debian, kernel 2.4.19
Firewall Ethernet connection is as follows: eth0 is connected to the WAN and
eth1 is connected to a switch, which is my DMZ (all my other servers are
connected to that switch).

My firewall acts as a router, using ROUTE and ARP to pass the packets from
the firewall to all the other computers on the same subnet. What I realized
(correct me if I'm wrong) is that routers cannot forward packets across the
same subnet (hence why you use ARP).

THE PROBLEM
==============
INPUT is FINE
OUTPUT is FINE
FORWARD is FOOBAR

My firewall doesn't like to FORWARD packets back out. Everything goes into
the DMZ but nothing goes out. I cannot whois, lynx etc. Subnetting is out of
the question.

Here is why I think this is so:
================================
You ARP an IP and it will send it as a MAC address (layer 2), and the router
can't handle it because it is a layer 3 device.

WHAT CAN I DO TO FIX THIS PROBLEM? I don't want to change the current
configuration, i.e. NATting or subnetting.

Any help is much appreciated.

Regards,
Jeremy
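The setup described above (one Linux box forwarding between eth0 and eth1 while both sides share one subnet) is normally done with proxy ARP plus host routes: the kernel answers ARP for the DMZ addresses on the WAN side and still forwards at layer 3, so the FORWARD chain must accept both the outbound packets and the replies. The script below is an added example, not Jeremy's configuration or any reply from the list. It prints (rather than runs) the sysctl and iptables commands for such a router so they can be reviewed first, and carries a small check of the kernel knobs that must be 1. The interface names come from the post; the 192.0.2.0/24 DMZ range, the example DMZ web server port, and the assumption that the "in works, out doesn't" symptom is a FORWARD chain with no rule for reply traffic are all assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): proxy-ARP router rule set for
# a 2.4-series kernel with iptables. WAN on eth0, DMZ switch on eth1, as in
# the post. The DMZ subnet and port 80 service are assumptions.

WAN_IF=${WAN_IF:-eth0}
DMZ_IF=${DMZ_IF:-eth1}
DMZ_NET=${DMZ_NET:-192.0.2.0/24}   # assumed; TEST-NET-1, replace with your real range

# Emit the commands instead of running them, so they can be reviewed and then
# applied as root with: sh this_script.sh print | sh
fw_commands() {
  cat <<EOF
# kernel: route between the interfaces and answer ARP for the far side on each
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$WAN_IF.proxy_arp=1
sysctl -w net.ipv4.conf.$DMZ_IF.proxy_arp=1
# per-host routes tell the kernel which DMZ addresses live behind $DMZ_IF, e.g.
#   route add -host 192.0.2.10 dev $DMZ_IF   (assumed address)
# stateful matching on a 2.4 kernel needs the conntrack module loaded
modprobe ip_conntrack
iptables -P FORWARD DROP
iptables -F FORWARD
# replies to connections already allowed in either direction (the rule a
# "traffic goes in but never comes back out" FORWARD chain is usually missing)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# DMZ hosts may open connections to the WAN (whois, lynx, ...)
iptables -A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -j ACCEPT
# WAN may reach an assumed web service in the DMZ; add one rule per exposed service
iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_NET -p tcp --dport 80 -m state --state NEW -j ACCEPT
# log what the policy drops so a missing rule shows up in the kernel log
iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Verify the three kernel knobs a same-subnet router needs are set to 1.
# $1 is an optional root prefix (a fake /proc tree for testing); empty means
# the live system. Returns 0 when all are set, 1 otherwise.
check_forwarding() {
  root=${1:-}
  ok=0
  for knob in net/ipv4/ip_forward \
              net/ipv4/conf/$WAN_IF/proxy_arp \
              net/ipv4/conf/$DMZ_IF/proxy_arp; do
    path="$root/proc/sys/$knob"
    if [ "$(cat "$path" 2>/dev/null)" != "1" ]; then
      echo "not enabled: $knob" >&2
      ok=1
    fi
  done
  return $ok
}

# Usage: sh this_script.sh print        review the commands
#        sh this_script.sh check        test the live kernel settings
if [ "${1:-}" = "print" ]; then
  fw_commands
elif [ "${1:-}" = "check" ]; then
  check_forwarding && echo "forwarding and proxy ARP enabled on $WAN_IF/$DMZ_IF"
fi
```

If `check` passes but DMZ hosts still cannot reach out, watch the FWD-DROP lines in the kernel log while running whois from a DMZ host: a drop on the reply direction points at the stateful rule, a drop with the DMZ source address on eth0 points at a missing host route or proxy_arp on the wrong interface.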
