Re: Multiple nics on inside of DMZ

To: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
Subject: Re: Multiple nics on inside of DMZ
From: Frederik Schueler <fs@lowpingbastards.de>
Date: Thu, 14 Nov 2002 21:20:38 +0100
Message-id: <20021114202038.GA28214@lowpingbastards.de>
Mail-followup-to: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
In-reply-to: <BD28EF215F59D511A3FF00D0B7B9D34A021F95B6@mohela2.mohela.com>
References: <BD28EF215F59D511A3FF00D0B7B9D34A021F95B6@mohela2.mohela.com>

Hi,

On Thu, Nov 14, 2002 at 01:55:59PM -0600, Miller, Jeff - x3328 wrote:
> A weird addition I came up with involves having several nics on the 'DMZ
> side' of either firewall. All machines within the DMZ would be multihomed,
> with two point-to-point networks (255.255.255.252 subnet) connecting it to
> both firewalls.

be shure to set up appropriate host routes, and it should work. maybe
you need proxy_arp to route between the hosts within the dmz, and you
have to choose a gateway for this (which may be a single point of
failure in your specific setup).

> Although I'm new to netfilter I haven't found anything that will keep this
> idea from working. 

It's more a routing problem then netfilter...

thought about putting a local firewall on every system within the DMZ?

HTH
Frederik Schüler

Reply to:

References:
- Multiple nics on inside of DMZ
  - From: "Miller, Jeff - x3328" <JeffM@MOHELA.com>

Prev by Date: Re: Multiple nics on inside of DMZ
Next by Date: Limiting upload speeds
Previous by thread: Re: Multiple nics on inside of DMZ
Next by thread: Re: Multiple nics on inside of DMZ
Index(es):
- Date
- Thread