Firewall setup
My goal is to set up a firewall to protect my subnet like this:
Internet
|
Cisco router (192.12.120.254)
|
Local net 192.12.120.0 netmask 255.255.255.0
|
FIREWALL eth0 = 192.12.120.190, eth1 = 192.12.120.202
|
Protected subnet 192.12.120.200 netmask 255.255.255.252
This worked fine when I used masquerading and a fake net (192.168.2.0)
but not when I try to use real IP addresses and a subnet. This is the
firewall setup:
(outside)
eth0:
IP = 192.12.120.190
Netmask = 255.255.255.0
Network = 192.12.120.0
Broadcast = 192.12.120.255
Gateway = 192.12.120.254
(inside)
IP = 192.12.120.202
Netmask = 255.255.255.252
Network = 192.12.120.200
Broadcast = 192.12.120.203
Gateway = 192.12.120.190
Routing table:
Dest. Gateway Genmask
192.12.120.200 * 255.255.255.252 eth1
192.12.120.0 * 255.255.255.0 eth0
127.0.0.0 * 255.0.0.0 lo
default 192.12.120.0 * eth0
I have tried to turn on arp and promiscuous mode but that doesn't help.
I'm able to ping both the Internet, localnet, and subnet from the
firewall. I'm able to ping the firewall (both addresses) from a host on
the subnet. Using tcpdump I see that when I ping a host from the subnet
to the local net then traffic is forwarded out but not back to the host
on the local net. My ipfw config is set to accept all traffic.
Anyone, please?
/Regards Johannes
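
Added example (not part of the original post): a Python check of the addressing listed above, using the standard ipaddress module. It tests whether the protected subnet falls inside the outer network, in which case hosts using the 255.255.255.0 mask treat its addresses as on-link, and whether each listed gateway is a host address on its interface's network. All addresses are copied from the post; the function names are illustrative.

```python
import ipaddress

# Addresses and masks copied from the post.
ETH0 = ipaddress.ip_interface("192.12.120.190/255.255.255.0")    # outside
ETH1 = ipaddress.ip_interface("192.12.120.202/255.255.255.252")  # inside
GATEWAYS = [  # (where it is listed, interface it applies to, gateway value)
    ("eth0 Gateway", ETH0, "192.12.120.254"),
    ("eth1 Gateway", ETH1, "192.12.120.190"),
    ("default route", ETH0, "192.12.120.0"),
]


def on_link(iface, addr):
    """True if a host configured like iface ARPs for addr directly instead of using a gateway."""
    return ipaddress.ip_address(addr) in iface.network


def usable_gateway(iface, gw):
    """A next hop must be a host address inside the interface's own network."""
    gw, net = ipaddress.ip_address(gw), iface.network
    return gw in net and gw not in (net.network_address, net.broadcast_address)


def audit():
    findings = []
    if ETH1.network.subnet_of(ETH0.network):
        findings.append(f"{ETH1.network} lies inside {ETH0.network}")
        # Any host using the /24 mask (the Cisco router included) sees the
        # protected addresses as local and ARPs for them on the outer LAN.
        for host in ETH1.network.hosts():
            if host != ETH1.ip and on_link(ETH0, host):
                findings.append(
                    f"{host} is on-link for /24 hosts, which ARP for it "
                    f"instead of routing via {ETH0.ip}")
    for label, iface, gw in GATEWAYS:
        if not usable_gateway(iface, gw):
            findings.append(f"{label} {gw} is not a host address in {iface.network}")
    return findings


if __name__ == "__main__":
    for line in audit():
        print("-", line)
```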