
Re: Firewall and proxy arp



-----Original Message-----
From: "radel" <radel@radel.org>
To: debian-firewall@lists.debian.org
Date: Sat, 17 Jan 2004 10:36:50 +0100
Subject: Firewall and proxy arp

> 
> I'm installing a Debian firewall in my office network and I have some
> questions. I'll try to explain my office network: I have a router and
> some public IP addresses (say 8); I also have a switch directly
> connected to the servers and the internal router's interface. Yes, I
> know it's risky... I'm working on it;)
> I want to insert a firewall between the servers and the router, of
> course.
> Moreover I want the ip addresses on the servers to be real public IPs
> (no 1-1 nat or similar things).
> I have only 8 IPs, so I can't do subnetting.
> I think proxy arp is the best solution in my case.
> BUT I want to connect different servers on different interfaces on the
> firewall. Something like
>                                 Router 
> 
>                                 Firewall 
> 
> 
>            Server1          Server2           Server3 
> 
> but server1, server2 and server3 need to be on a different firewall's
> interface.
> Please help me by explaining my mistakes.
> 
> I think I have to:
> ° enable proxy arp on all the internal firewall;
> ° assign a public IP address to the external firewall's interface;
> ° assign a fake IP address to all the internal interfaces;
> ° delete the routing table;
> ° set a host route for each server with the correct interface;
> ° set the host route for the router on the external interface;
> ° set the default gateway via that router;
> ° drink a coffee. 
> 
> Am I right? Will all work as expected? Can I use only one public IP on
> the firewall? 
> 
> What about server1 trying to contact server2? Will it work? 
> 
> Sorry for my poor English and many many thanks in advance.
> 
> Radel

Have you considered using a bridging firewall?


Check out:
http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
http://sourceforge.net/projects/ebtables

Hope this helps,

Regards,
Charlie
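
The proxy-ARP layout listed in the quoted question, written out as a dry-run shell script. This is an added example, not part of either message; the interface names, the 192.0.2.0/29 documentation addresses and the premise that the firewall's own addresses are assigned with /32 masks (so no subnet route has to be deleted) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: proxy-ARP firewall with one server per internal interface.
# Addresses (RFC 5737 documentation range) and interface names are
# constructed placeholders, not values from the original post.
EXT_IF=eth0            # faces the router
ROUTER_IP=192.0.2.1    # upstream router
# "interface:server-ip" pairs, one server per internal interface
SERVERS="eth1:192.0.2.2 eth2:192.0.2.3 eth3:192.0.2.4"

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

proxy_arp_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    # The external side must answer the router's ARP requests for the servers.
    run sysctl -w "net.ipv4.conf.$EXT_IF.proxy_arp=1"
    # Host route to the router, then the default route through it.
    run ip route add "$ROUTER_IP/32" dev "$EXT_IF"
    run ip route add default via "$ROUTER_IP" dev "$EXT_IF"
    for pair in $SERVERS; do
        ifname=${pair%%:*}
        addr=${pair#*:}
        # Each internal side answers ARP for the router and the other servers;
        # the kernel only replies when the target is routed out another interface.
        run sysctl -w "net.ipv4.conf.$ifname.proxy_arp=1"
        # Host route: this server is reachable only through its own interface.
        run ip route add "$addr/32" dev "$ifname"
    done
}

proxy_arp_setup
```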


