> I have a few things to clarify on configuring a firewall on the same subnet.
>
> I have 2 interfaces on this Linux box, which I am trying to configure
> on the same subnet. Is it possible? Do I need to segment
> them on 2 different subnets? Please explain if there is no possibility to install
> a firewall with 2 interfaces on the same subnet (shown below).
If you have two interfaces in the same subnet and want to "route" between both
interfaces you need to do bridging, I think.
> [gateway:201.10.10.1]
> /
> /
> ----------------------------------------------
> |
> |[interface 1: 201.10.10.10]
> ---------
> <LINUX-BOX>
> ---------
> |[interface 2: 201.10.10.11]
> -----------------------------------------------
> |
> [client] {201.10.10.12-13}
> {gateway:201.10.10.1}
I've had a setup like this and it was quite difficult due to some different
solutions on the internet ;)
There is a bridge+firewall howto, have a look at it.
Basically you will need a kernel patch which creates a new ipchains chain with
the name "bridgein". There you can define rules which deny e.g. the access to
port 137 in order to protect some Windows machines.
Furthermore you will need a small program to control the bridge in user mode.
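The setup described above (two interfaces bridged so the Linux box sits transparently inside one subnet, with a filter that drops port 137 on its way through) can be expressed with the bridge and netfilter tools in current kernels instead of the ipchains "bridgein" patch. The script below is an added example, not code from the original message or from the bridge+firewall howto. It assumes the two interfaces are called eth0 and eth1, the bridge is br0, the box keeps the 201.10.10.10 address from the diagram, and the br_netfilter module is available so bridged frames are seen by the iptables FORWARD chain. By default it only prints the commands (DRY_RUN=1); run it as root with DRY_RUN=0 to apply them.

```sh
#!/bin/sh
# Transparent bridge firewall: two NICs in one subnet, filtered in the middle.
# Added example; interface names, bridge name and address are assumptions.
set -e

BRIDGE="${BRIDGE:-br0}"          # assumed bridge device name
INSIDE="${INSIDE:-eth1}"         # assumed interface towards the clients
OUTSIDE="${OUTSIDE:-eth0}"       # assumed interface towards the gateway
ADDR="${ADDR:-201.10.10.10/24}"  # address from the diagram in the question
DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = execute

# Print every command; execute it only when DRY_RUN=0.
run() {
    echo "$*"
    [ "$DRY_RUN" = "0" ] && "$@"
    return 0
}

# Build the bridge and enslave both interfaces (iproute2 syntax).
setup_bridge() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set "$OUTSIDE" master "$BRIDGE"
    run ip link set "$INSIDE" master "$BRIDGE"
    run ip link set "$OUTSIDE" up
    run ip link set "$INSIDE" up
    run ip link set "$BRIDGE" up
    # The box itself is reachable through the bridge device, not the NICs.
    run ip addr add "$ADDR" dev "$BRIDGE"
}

# Make bridged frames traverse iptables, then filter at layer 3/4.
setup_firewall() {
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    # Drop NetBIOS name service (port 137, TCP and UDP) coming from the
    # outside interface towards the Windows clients behind the bridge.
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" \
        -p udp --dport 137 -j DROP
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" \
        -p tcp --dport 137 -j DROP
}

# Report the number of port-137 drop rules the script would install,
# so the generated rule set can be checked without root privileges.
count_port137_rules() {
    DRY_RUN=1 setup_firewall | grep -c -- '--dport 137 -j DROP'
}

main() {
    setup_bridge
    setup_firewall
}

# Run only when executed directly, not when sourced for testing.
[ "${0##*/}" = "bridge-fw.sh" ] && main
true
```

Because the bridge works at layer 2, clients on both sides keep their existing addresses and their gateway 201.10.10.1, which is the reason bridging answers the "same subnet" question; the iptables physdev match is what lets the filter distinguish the two bridged ports, taking the role the patched "bridgein" chain played with ipchains.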