RE: splitting a subnet in an odd way
Leonardo Boselli wrote:
>
> You forget one thing: there are 10 other machines (addresses 3 to 13)
> that need not to be firewalled, and must be accessible from
> ANY other host either internally and externally, without passing the FW.
> The second group really is not a problem, since they are just virtual
> addresses for a machine in the first group, that self-firewall!
> However, users in the third, internal group should access these
> machines directly.
> About proxy-arping 230 machines: what commands would you suggest
> for doing that, the way I used for a small group did havoc on some
> network monitoring tools!
>
I think the best solution would be a bridging firewall. No need for 230
proxy-arps, and (if correctly set up) nearly invisible to the outside world.
See
<http://lists.debian.org/debian-firewall/2003/debian-firewall-200301/msg00044.html>
for more info and links.
Thomas