
Re: Firewall Public IP's?



Thanks for the tips!
So just to understand:

Say the Cisco router is
x.x.x.254

I would set eth0 on the debian box to
x.x.x.253 (same side as Cisco)
and set eth1 on the debian box to
x.x.x.252 (local side)

Then set everything behind the debian box to
x.x.x.251 or lower?

I would set the gateway for everything behind the debian
box to
x.x.x.252 ?

I would set IP forwarding via /etc/network/options
Then use iptables (woody with kernel 2.4) to set the filters etc.

Does this sound OK?
I'm not too familiar with proxy-arp, so this isn't essential?
Would proxy-arp be like intercepting workstation packets destined
to the Cisco gateway to go thru the debian box instead?
I would probably have a DHCP server set up to assign the
workstations their IPs and set their gateway to that of
the Debian's eth1. (x.x.x.252)

Thanks again for all your help.  :)

Mike



Quoting Daniel Pittman <daniel@rimspace.net>:

> On Thu, 11 Apr 2002, Bulent Murtezaoglu wrote:
> > I agree with Daniel Pittman's reply, I would just like to add that if
> > you cannot touch the Cisco at all, you probably will need to turn on
> > proxy-arp in the Debian box.
> 
> This is so that the client machines can still see the Cisco box, which
> is presumably their default gateway, right?
> 
> I forgot to mention the easiest way to deal with that; setting the
> firewall machine as the default gateway for the clients also works.
> 
>         Daniel
> 
> -- 
> The aim of psychoanalysis is to relieve people of their neurotic unhappiness
> so that they can be normally unhappy.
>         -- Sigmund Freud
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 
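The proxy-ARP variant discussed in this thread, written out as a dry-run shell script. This is an added example, not part of any poster's message: 192.0.2.0/24 stands in for x.x.x.0/24, and the /32 interface addresses, explicit routes and `sysctl -w` (in place of /etc/network/options) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Dry-run by default: prints the commands.
# Set APPLY=1 and run as root to execute them.
# Addresses are constructed stand-ins for the thread's x.x.x.N values.
NET=192.0.2.0/24                   # x.x.x.0/24 shared by both sides
CISCO=192.0.2.254                  # Cisco router (not reconfigured)
OUT_IF=eth0; OUT_IP=192.0.2.253    # Debian box, Cisco side
IN_IF=eth1;  IN_IP=192.0.2.252     # Debian box, local side

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

fw_plan() {
    # /32 addresses avoid two competing connected routes for the same /24.
    run ip addr add "$OUT_IP/32" dev "$OUT_IF"
    run ip addr add "$IN_IP/32" dev "$IN_IF"
    run ip link set "$OUT_IF" up
    run ip link set "$IN_IF" up

    # Only the Cisco lives on eth0; the rest of the subnet is behind eth1.
    run ip route add "$CISCO/32" dev "$OUT_IF"
    run ip route add "$NET" dev "$IN_IF"
    run ip route add default via "$CISCO" dev "$OUT_IF"

    # Forwarding plus proxy-ARP: the box answers ARP on one interface
    # for addresses it routes out of the other, so the Cisco can find
    # the clients and the clients can find the Cisco.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$OUT_IF.proxy_arp=1"
    run sysctl -w "net.ipv4.conf.$IN_IF.proxy_arp=1"

    # Default-deny forwarding; allow replies and client-initiated traffic.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$IN_IF" -o "$OUT_IF" -s "$NET" \
        -m state --state NEW -j ACCEPT
}

fw_plan
```

With the clients' default gateway set to the Debian box instead, the eth1 proxy-ARP line matters less, but the Cisco still has to resolve client addresses on its own segment, which is what proxy-ARP on eth0 provides.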
