Multi port firewall
Andy Simpkins
(Msg. 1) Posted: Tue Oct 30, 2007 10:10 am
Post subject: Multi port firewall
Archived from groups: linux>debian>maint>firewall

Hi there

I already have a firewall/router being used at the entry point to my DSL
home network.

I now need to repeat the process for a small office.

The fun comes with the fact that we will have some internet-visible
boxes also located in this office. Best practice would be to have two
firewall boxes, one from the WAN (internet) to the DMZ and the other from
the DMZ to the office LAN. However, this isn't practical for our needs
(budget / space / power), so we intend to run just the one
firewall/router machine with eth0 to WAN, eth1 to DMZ and eth2 to LAN.
This will also allow me to shape all traffic to and from the internet
(not just to and from my LAN).

eth0 and eth1 will therefore share the same subnet. How do I configure
my firewall/router to route to these boxes correctly?

For example (fake addresses):

WAN (88.0.0.1) eth0
DMZ (88.0.0.2) eth1 (Other servers to be internet visible 88.0.0.3 -
88.0.0.15 on this port)
LAN (192.168.1.1) eth2 (NAT)

Yes, I could do address translation for all boxes in the DMZ (i.e.
transpose all internet addresses to a local address, i.e. 192.168.2.3 -
192.168.2.15), but I really don't want to do this if possible (the
network is likely to become a lot more complicated later and this would
just confuse matters).

Any suggestions?

Andy


Pascal Hambourg
(Msg. 2) Posted: Tue Oct 30, 2007 1:10 pm
Post subject: Re: Multi port firewall
Archived from groups: per prev. post

Hello,

Andy Simpkins wrote:
>
> eth0 and eth1 will therefore share the same subnet.

Preferably not if you want to avoid trouble and dirty hacks.

> How do I configure
> my firewall/router to route to these boxes correctly?

If you want the same subnet on two interfaces, you'd better bridge them
together. You can filter bridged traffic using ebtables or
{ip,ip6,arp}tables through the bridge-nf infrastructure.

WAN--bridge--(routing+NAT)--LAN
       |
      DMZ
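
The bridged layout suggested in the reply above, as an added example that is not part of either post: eth0 and eth1 are joined in a bridge, bridged traffic is filtered by iptables through bridge-nf, and the LAN on eth2 is routed and NATed. The interface names and addresses are the fake ones from the thread; the br0 name, both prefix lengths and HTTPS on 88.0.0.3 as the single published DMZ service are assumptions.

```shell
#!/bin/sh
# Added example, dry-run by default: prints the commands; APPLY=1 (root) runs them.
# eth0/eth1/eth2 and the addresses are the thread's fake ones. Assumed here:
# the br0 name, both prefix lengths, and HTTPS on 88.0.0.3 as the one DMZ service.
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2; BR=br0
FW_ADDR=88.0.0.1/24      # firewall's single public address, now on the bridge
LAN_NET=192.168.1.0/24
DMZ_WEB=88.0.0.3

run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

setup_bridge_firewall() {
    # WAN and DMZ ports become one layer-2 segment carrying the public subnet.
    run ip link add name "$BR" type bridge
    run ip link set "$WAN_IF" master "$BR"
    run ip link set "$DMZ_IF" master "$BR"
    for i in "$WAN_IF" "$DMZ_IF" "$BR"; do run ip link set "$i" up; done
    run ip addr add "$FW_ADDR" dev "$BR"
    # bridge-nf: pass bridged IPv4 frames through iptables (br_netfilter module
    # on current kernels).
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run sysctl -w net.ipv4.ip_forward=1
    # Default deny for bridged and routed traffic alike.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Bridged, Internet -> DMZ: only the published service.
    run iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in "$WAN_IF" \
        --physdev-out "$DMZ_IF" -d "$DMZ_WEB" -p tcp --dport 443 -j ACCEPT
    # Bridged, DMZ -> Internet.
    run iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in "$DMZ_IF" \
        --physdev-out "$WAN_IF" -j ACCEPT
    # Routed, LAN -> bridge side (Internet and DMZ), source-NATed. No rule admits
    # a new connection towards $LAN_IF, so DMZ hosts cannot open sessions to the LAN.
    run iptables -A FORWARD -i "$LAN_IF" -o "$BR" -s "$LAN_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$BR" -j MASQUERADE
}

setup_bridge_firewall
```

Review the printed commands first; the DMZ servers keep their public addresses and need no translation in this layout.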

