Re: Firewall and proxy arp
Hi,
On Sat, Jan 17, 2004 at 10:36:50AM +0100, radel wrote:
> [cut]
>
> I think I have to:
> ° enable proxy arp on all the internal firewall;
and external too.
> ° assign a public ip address to the external firewall's interface;
> ° assign a fake ip address to all the internal interfaces;
Why fake? You can set on all internal interfaces the same public address
as used on the external one.
> ° delete the routing table;
For internal interfaces only. For external you don't need to.
> ° set a host route for each server with the correct interface;
> ° set the host route for the router on the external interface;
Ok, I'm doing it using the following additional rules in /etc/network/interfaces
for internal interfaces:
    up ip route del 192.168.0.0/28 dev ethx
    up ip route add 192.168.0.x dev ethx
    up echo 1 >/proc/sys/net/ipv4/conf/ethx/proxy_arp
and for the external one, the only additional lines are:
    gateway x.x.x.x
    up echo 1 >/proc/sys/net/ipv4/conf/ethx/proxy_arp
and I'm setting the same address and netmask on all interfaces.
> ° set the default gateway via that router;
On the firewall and all servers.
> ° drink a coffee.
Not yet - you also need:
    echo 1 >/proc/sys/net/ipv4/ip_forward
> Am I right? Will all work as expected?
It should work. That depends on your iptables rules ;)
> Can I use only one public IP on the firewall?
Yes.
> What about server1 trying to contact server2? Will it work?
Yes.
> Sorry for my poor English and many many thanks in advance.
Mine is not better :)
Greetings,
Robert Tasarz
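
The following is an added example, not part of the original mail: a simplified Python model of which ARP requests the firewall would answer once the routes and proxy_arp settings described above are in place. The interface names (eth0 external, eth1/eth2 internal) and the individual addresses inside 192.168.0.0/28 are constructed for illustration.

```python
import ipaddress

# Constructed sample values: the mail only gives 192.168.0.0/28 and "ethx".
FIREWALL_IP = ipaddress.ip_address("192.168.0.2")  # same address on every interface

# Routing table after the steps in the mail: (destination, outgoing interface).
ROUTES = [
    (ipaddress.ip_network("192.168.0.0/28"), "eth0"),  # connected route, kept on external only
    (ipaddress.ip_network("192.168.0.3/32"), "eth1"),  # host route to server1
    (ipaddress.ip_network("192.168.0.4/32"), "eth2"),  # host route to server2
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),       # default route via the router
]
PROXY_ARP = {"eth0", "eth1", "eth2"}  # interfaces with proxy_arp set to 1


def lookup(target):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(target)
    matches = [(net.prefixlen, dev) for net, dev in ROUTES if addr in net]
    return max(matches)[1] if matches else None


def answers_arp(in_dev, target):
    """Would the firewall reply to a who-has for `target` heard on `in_dev`?"""
    if ipaddress.ip_address(target) == FIREWALL_IP:
        return True  # its own address
    out_dev = lookup(target)
    # Proxy ARP replies only when the target is routed out a different interface.
    return in_dev in PROXY_ARP and out_dev is not None and out_dev != in_dev


def report():
    """Evaluate the cases that matter for this setup."""
    cases = [
        ("eth1", "192.168.0.4"),  # server1 looking for server2
        ("eth1", "192.168.0.1"),  # server1 looking for the router
        ("eth0", "192.168.0.3"),  # router looking for server1
        ("eth0", "192.168.0.5"),  # unused address, asked on the external side
        ("eth1", "192.168.0.3"),  # server1's own segment
        ("eth1", "10.9.9.9"),     # unrelated address, asked on an internal side
    ]
    return {case: answers_arp(*case) for case in cases}


if __name__ == "__main__":
    for (dev, ip), reply in report().items():
        print(f"who-has {ip:<12} on {dev}: {'reply' if reply else 'silent'}")
```

The last case shows that with a default route present, an internal interface with proxy_arp enabled answers for any address not routed back out that same interface, so what is actually forwarded is decided by the iptables rules.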