Re: [interfaces + route] My new firewall doesn't forward packages
In article <20020605193057.GA24872@lina.inka.de> email@example.com writes:
>> 1- your firewall has 2 interfaces in the same subnet.
>> 2- so your firewall doesn't know where the hosts are.
>It does, it is just ugly. If you have no network route to the .9 interface it
>will work. Therefore you have to remove the network route. This can be done
>with "route del -net 220.127.116.11 netmask 255.255.255.0 dev eth0". To execute
>this command you can either put it in a boot up script or you can use the
>"up /sbin/route ..." command in the interfaces file.
>The reason I was asking was the different netmask in the
>additional routes. The above schema does not require them. A net route to the
>LAN and a host route to the Cisco and a default gateway using that host route
>is everything which is needed.
Alternatively, the declarations can be done using the ip command rather
than ifconfig and route. This allows even more control over your exact
You'll also want to use proxy arp, easy to set up with recent Linux.
With this, you avoid needing to reconfigure the router and other
systems. Don't forget to turn on forwarding (off by default).
The only reason I've found to need different addresses on the "same"
subnet is the DHCP server. If your firewall isn't also a DHCP server,
there is no need to consume the extra address, just use the same one on
Blars Blarson firstname.lastname@example.org
"Text is a way we cheat time." -- Patrick Nielsen Hayden
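Added example, not part of the original message and not code from anyone in the thread: a read-only check for the conditions discussed above (the same subnet routed out of two interfaces, forwarding left off, proxy ARP per interface). The function names, the SYSROOT variable and the sample routing table are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only checks for a two-interface forwarding box.
# SYSROOT is an assumption of this example: it points the checks at a copy
# of /proc/sys; leave it unset to read the live system.

# Print every destination that has a directly connected route on more than
# one device. Input: `ip -4 route show` output on stdin.
dup_subnet_routes() {
    awk '
        $1 == "default" { next }
        {
            dev = ""; via = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "via") via = 1
                if ($i == "dev" && i < NF) dev = $(i + 1)
            }
            if (via || dev == "" || (($1, dev) in seen)) next
            seen[$1, dev] = 1
            devs[$1] = (devs[$1] == "" ? dev : devs[$1] "," dev)
            count[$1]++
        }
        END { for (p in count) if (count[p] > 1) print p, devs[p] }
    ' | sort
}

# Print the value of one file under /proc/sys/net/ipv4, or "missing".
read_ipv4_sysctl() {
    cat "${SYSROOT:-}/proc/sys/net/ipv4/$1" 2>/dev/null || echo "missing"
}

# Report forwarding and per-interface proxy ARP state.
# Returns non-zero when forwarding is off.
check_forwarding() {
    fwd=$(read_ipv4_sysctl ip_forward)
    echo "ip_forward=$fwd"
    for ifc in "$@"; do
        echo "proxy_arp[$ifc]=$(read_ipv4_sysctl "conf/$ifc/proxy_arp")"
    done
    [ "$fwd" = "1" ]
}

# Constructed sample routing table (documentation addresses, not the poster's).
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.9
192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.10
192.0.2.1 dev eth0 scope link'
printf '%s\n' "$SAMPLE_ROUTES" | dup_subnet_routes
```

On a live system, feed it with `ip -4 route show | dup_subnet_routes` and run `check_forwarding eth0 eth1` with the real interface names.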