[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [interfaces + route] My new firewall doesn't forward packages



In article <20020605193057.GA24872@lina.inka.de> lists@lina.inka.de writes:
>> 1- your firewall have 2 interfaces in the same subnet.
>> 2- so your firewall dont know where the hosts are.

>It does, it is just ugly. If you have no network rute to the .9 interface it
>will work. Therefore you have to remove the network route. This can be done
>with "route del -net 194.224.7.0 netmask 255.255.255.0 dev eth0". To execute
>this command you can eighter put it in a boot up script or you can use the
>"up /sbin/route ..." command in interfaces file.

>My question why i was asking was because of the different netmask in the
>additional routes. The above schema does not require them. A Netroute to the
>LAN and a Hostroute to the Cisco and a default gateway using that host route
>is everything which is needed.

Alternatively, the declarations can be done using the ip command rather
than ifconfig and route.  This allows even more control over your exact
network configuration.

You'll also want to use proxy arp, easy to set up with recent linux.
With this, you avoid needing to reconfigure the router and other
systems.  Don't forget to turn on forwarding (off by default).

The only reason I've found to need different addresses on the "same"
subnet is the dhcp server.  If your firewall isn't also a dhcp server,
there is no need to consume the extra address, just use the same on on
all interfaces.


-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: