On Fri, Oct 20, 2000 at 12:01:50PM +0200, Claus Alboege wrote:
> >>>>> "Jason" == "Jason Chan <MIS Dept.>" <[EMAIL PROTECTED]> writes:
>
> Jason> Hi all, I have a few things to clarify on configuring
> Jason> firewall on the same subnet.
>
> Hi
>
> Jason> I have 2 interfaces on this Linux-Box. Which I am trying to
> Jason> configure the same interface on the same subnet. Is it
> Jason> possible? Do I need to segment them on 2 diff subnet? pls
> Jason> explain if there is no possibilities to install a firewall
> Jason> with 2 interfaces on the same subnet (shown below).
>
> You should be able to do this with arp and a couple of host routes:
>
> # Setting up arp tables for your internal hosts
> # (eth0=external NIC, eth1=internal NIC)
> arp -i eth0 -Ds 201.10.10.12 eth1 pub
> arp -i eth0 -Ds 201.10.10.13 eth1 pub

shouldn't this be..

arp -i eth0 -D -s 201.10.10.12 eth1 pub

etc..

> route add -host 201.10.10.12 dev eth1
> route add -host 201.10.10.13 dev eth1
>
> # Setting up arp table for hosts on the same segment, but outside the fw
> # else the internal hosts wouldn't be able to see them.
> arp -i eth1 -Ds 201.10.10.2 eth0 pub
> arp -i eth1 -Ds 201.10.10.3 eth0 pub
> arp -i eth1 -Ds 201.10.10.4 eth0 pub
> .... and so on
>
> Default gw at your internal hosts should be the IP at the external
> NIC at your fw (201.10.10.10)
> Default gw at your fw should be 201.10.10.1
>
> --
> Mvh Claus Albøge
>
> --
> % rm -f *;o
> % command not found: o

--
+------------------------------------------------------------------------------
| Brian Russo <[EMAIL PROTECTED]> (808) 957 2333
| University of Hawaii High Energy Physics Group
| UCE senders will be charged $100 USD under US Code Title 47, Sec.227(b)(1)(C)
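
The proxy-ARP setup quoted in this thread, as an added example that is not part of either poster's mail: a dry-run generator that prints the arp and route commands for a list of inside and outside hosts and refuses malformed or doubly-listed addresses. The function names proxy_arp_plan and valid_ipv4 are hypothetical; the command forms and sample addresses are the ones quoted above.

```shell
#!/bin/sh
# Added example: prints the plan only, it never runs arp or route.

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# proxy_arp_plan EXT_IF INT_IF "inside hosts" "outside hosts"
# Host lists are space-separated. Returns 1 without printing a plan if an
# address is malformed or appears on both sides of the firewall.
proxy_arp_plan() {
    ext_if=$1 int_if=$2 inside=$3 outside=$4
    for ip in $inside $outside; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for ip in $inside; do
        case " $outside " in
            *" $ip "*) echo "listed on both sides: $ip" >&2; return 1 ;;
        esac
    done
    # Inside hosts: publish them on the external NIC, host route via the internal NIC.
    for ip in $inside; do
        echo "arp -i $ext_if -Ds $ip $int_if pub"
        echo "route add -host $ip dev $int_if"
    done
    # Outside hosts on the same segment: publish them on the internal NIC.
    for ip in $outside; do
        echo "arp -i $int_if -Ds $ip $ext_if pub"
    done
}

# Sample run with the addresses from the thread (eth0=external, eth1=internal).
proxy_arp_plan eth0 eth1 "201.10.10.12 201.10.10.13" \
    "201.10.10.2 201.10.10.3 201.10.10.4"
```

Review the printed plan before running any of it as root on the firewall.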

