Re: Firewall Public IP's?
Giacomo Mulas wrote:
> Another solution for even more complete transparency is to use a
> firewalling bridge, see http://bridge.sourceforge.net for more resources
> on that. The latter solution is probably the best, as it even allows you to
> set up two identical machines side by side, and they will automagically
> agree that one actually does bridging while the other sits in standby,
> ready to take over with virtually no downtime should the first one fail
> (hardware problems hurt...). But this extra flexibility comes at a cost:
> you have to patch the kernel, learn to use some more user space tools to
> handle the bridging part, probably use both iptables and ebtables (you
> find patches and user space tools at the URL above), the former to handle
> IP, the latter to handle firewalling of network protocols other than IP.
> The (simpler) working solution I have here is just based on

You can do all of this very simply with 2 gate, vrrpd and a little script (to
activate proxy-arp on the spare box).

> > I would probably have a dhcp server setup to assign the
> > workstations their IP's and set their gateway to that of
> > the Debian's eth1. (x.x.x.252)
> which means that you can easily handle the configuration of the clients
> and don't need proxy-arp.

You'll need it on the side of the Cisco.