[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fw: Shorewall with Debian

Just to clear up bit mis-understanding
I did not put same IP on eth0 and eth1, they 10.1.1.1 and 10.1.1.4
But both did reside on the same subnet: 255.0.0.0
With this scenario, I assume you corrected me by saying this configuration will confuse the Debian on will packet will go from which NIC, is this correct?

But then, with the same conf, why am I able to log in from 10.1.1.5 by using https://10.1.1.1:10000 or https://10.1.1.4:10000?
This is what somehow confusing me

And why the ping result:

> 'ping 10.1.1.5' on my Debian
> - with eth0 only, resulting: From 10.1.1.4 icmp_seq=10 Destination
> Host Unreachable
> - with eth1 only, resulting: 64bytes from 10.1.1.5: icmp_seq=1 ttl=125
> time=0.080ms

will be different?


Cheers




----- Original Message ----
From: subscriptions <subscriptions@rdegraaf.nl>
To: debian-user@lists.debian.org
Sent: Tuesday, 25 November, 2008 4:46:45 PM
Subject: Re: Fw: Shorewall with Debian

On Tue, 2008-11-25 at 06:36 +0100, Phillipus Gunawan wrote:
> 
> Thanks for the reply,
> 
> I admit, yes, it was mistake to create both NIC on the same subnet,
> though I need to study more about this
> 
> 'ping 10.1.1.5' on my Debian
> - with eth0 only, resulting: From 10.1.1.4 icmp_seq=10 Destination
> Host Unreachable
> - with eth1 only, resulting: 64bytes from 10.1.1.5: icmp_seq=1 ttl=125
> time=0.080ms
> 
> Please guide me
> If I still want to make the same IPs on each NIC, subnetting /8
> and /24 will solve the problem?
> With eth1 connected, I can log in into my Webmin either by address
> https://10.1.1.1:10000 or https://10.1.1.4:10000 from other host (e.g.
> 10.1.1.5)
> why is that?
> 
> Thanks

You can not have the same IP on each NIC.

What is possible; is to have an IP on each NIC from the same
(sub)network range, but that makes routing less transparent. Better go
with ip from different subnet ranges for each NIC: e.g. 10.0.1.2/24 for
eth0 and 10.0.2.2/24 for eth1.

What is the purpose of the whole exercise? 
(important question for what to do next!)

If the computers function is *only* a firewall, you might want to look
into bridging.

Best,

Rob


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


      Start your day with Yahoo!7 and win a Sony Bravia TV. Enter now http://au.docs.yahoo.com/homepageset/?p1=other&p2=au&p3=tagline



      Start your day with Yahoo!7 and win a Sony Bravia TV. Enter now http://au.docs.yahoo.com/homepageset/?p1=other&p2=au&p3=tagline
Reply to: