-----Original Message-----
From: "radel" <[EMAIL PROTECTED]>
To: [email protected]
Date: Sat, 17 Jan 2004 10:36:50 +0100
Subject: Firewall and proxy arp

> I'm installing a debian firewall in my office network and I have some
> questions. I'll try to explain my office network: I have a router and
> some public ip addresses (say 8); I also have a switch directly
> connected to the servers and the internal router's interface. Yes, I
> know it's risky... I'm working on it;)
> I want to insert a firewall between the servers and the router, of
> course.
> Moreover I want the ip addresses on the servers to be real public IPs
> (no 1-1 nat or similar things).
> I have only 8 IPs, so I can't do subnetting.
> I think proxy arp is the best solution in my case.
> BUT I want to connect different servers on different interfaces on the
> firewall. Something like
>
>            Router
>
>           Firewall
>
>   Server1  Server2  Server3
>
> but server1, server2 and server3 need to be on a different firewall's
> interface.
> Please help me explaining my mistakes.
>
> I think I have to:
> - enable proxy arp on all the internal firewall;
> - assign a public ip address to the external firewall's interface;
> - assign a fake ip address to all the internal interfaces;
> - delete the routing table;
> - set a host route for each server with the correct interface;
> - set the host route for the router on the external interface;
> - set the default gateway via that router;
> - drink a coffee.
>
> Am I right? Will all work as expected? Can I use only one public IP on
> the firewall?
>
> What about server1 trying to contact server2? Will it work?
>
> Sorry for my poor english and many many thanks in advance.
>
> Radel

Have you considered using a bridging firewall?

Check out:
http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
http://sourceforge.net/projects/ebtables

Hope this helps,

Regards,
Charlie
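
The steps listed in the quoted question, as an added example that is not part of the original thread: a dry-run shell function that prints the commands for a proxy-ARP firewall with one server per interface. The interface names, the 192.0.2.0/29 documentation addresses, the 10.255.N.1 placeholder addresses, and the choice to enable `ip_forward` and proxy ARP on the external interface as well are assumptions.

```shell
#!/bin/sh
# Dry run: prints the commands, changes nothing on the host.
# All addresses and interface names below are constructed sample values.

# Usage: gen_proxy_arp_fw EXT_IF FW_IP ROUTER_IP SERVER_IP:IF [SERVER_IP:IF ...]
gen_proxy_arp_fw() {
    ext_if=$1; fw_ip=$2; router_ip=$3
    shift 3

    # Assumption: forwarding is not yet enabled; proxy ARP alone only
    # answers ARP, the kernel must also route the packets it attracts.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # External side: the single public address used by the firewall.
    # A /32 prefix creates no connected subnet route, so the routing
    # table ends up holding only the host routes printed below.
    echo "ip addr add $fw_ip/32 dev $ext_if"
    echo "sysctl -w net.ipv4.conf.$ext_if.proxy_arp=1"
    echo "ip route add $router_ip/32 dev $ext_if"
    echo "ip route add default via $router_ip dev $ext_if"

    n=0
    for pair in "$@"; do
        case $pair in
            *:*) ;;
            *) echo "bad mapping (want IP:IF): $pair" >&2; return 1 ;;
        esac
        srv_ip=${pair%%:*}
        srv_if=${pair#*:}
        # A server on the external interface would bypass the firewall.
        [ "$srv_if" != "$ext_if" ] || {
            echo "$srv_ip is mapped to the external interface" >&2
            return 1
        }
        n=$((n + 1))
        # Placeholder ("fake") address for the internal interface.
        echo "ip addr add 10.255.$n.1/32 dev $srv_if"
        echo "sysctl -w net.ipv4.conf.$srv_if.proxy_arp=1"
        # Host route: this server lives behind this interface only.
        echo "ip route add $srv_ip/32 dev $srv_if"
    done
}

# Constructed layout: router .1, firewall .2, three servers on eth1..eth3.
gen_proxy_arp_fw eth0 192.0.2.2 192.0.2.1 \
    192.0.2.3:eth1 192.0.2.4:eth2 192.0.2.5:eth3
```

Because each server's host route points at a different interface, traffic between two servers is also routed by the firewall and passes through its netfilter FORWARD chain.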

