On Wed, 3 May 2000, Bill Hardin wrote:
> Currently my network IP address is xxx.xxx.xxx.128 with a subnet mask of
> 255.255.255.192. I assign the address of eth0 to be xxx.xxx.xxx.130 and
> eth1 to be xxx.xxx.xxx.131.
With that mask those addresses are on the same network.
> I assign the www server in the DMZ an IP of xxx.xxx.xxx.132 set the gateway
> to xxx.xxx.xxx.131 and it cannot ping to any machine other than itself.
That's consistent, since the packets will go out the interface that's the
first in the routing table for that network.
> The IPCHAINS rules on the firewall are all set to the default of ACCEPT.
>
> If I set the IP of eth1 to 10.0.0.1 and www machine to 10.0.0.2 and put the
> correct ipchains rules to forward and masq there is no trouble and I can
> ping/access internal and external hosts.
That's because you've moved the Web server to a different network than the
external and internal interfaces.
> Shouldn't I be using my "real" IP addresses in the DMZ machines?
Only if you want the world to be able to access them ;)
> Am I creating a routing problem when I use the same address space for eth0
> and eth1?
Yep. Change your subnetting to a smaller mask and split the network
addressing into chunks you can route between.
> Any help is greatly appreciated.
Here's a good resource:
http://www.3com.com/nsc/501302.html
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
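
Added example, not part of the original message: a Python check of the addressing problem discussed above, followed by one possible split of the block into two routable chunks. The 192.0.2 prefix stands in for the masked xxx.xxx.xxx octets, and the /27 split and the segment names "outside" and "dmz" are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses: the post masks the first three octets, so the
# documentation prefix 192.0.2.0/24 stands in for xxx.xxx.xxx.
ORIGINAL = {
    "eth0": ipaddress.ip_interface("192.0.2.130/255.255.255.192"),
    "eth1": ipaddress.ip_interface("192.0.2.131/255.255.255.192"),
}
WWW = ipaddress.ip_address("192.0.2.132")


def overlapping_interfaces(ifaces):
    """Return pairs of interface names whose connected networks overlap."""
    names = sorted(ifaces)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if ifaces[a].network.overlaps(ifaces[b].network)
    ]


def split_plan(block, new_prefix, segments):
    """Split block into new_prefix-sized subnets, one per segment name."""
    subnets = list(block.subnets(new_prefix=new_prefix))
    if len(subnets) < len(segments):
        raise ValueError("not enough subnets for the requested segments")
    return dict(zip(segments, subnets))


def segment_for(addr, plan):
    """Name of the segment whose subnet contains addr, or None."""
    for name, net in plan.items():
        if addr in net:
            return name
    return None


if __name__ == "__main__":
    print("overlap with /26 on both NICs:", overlapping_interfaces(ORIGINAL))
    block = ORIGINAL["eth0"].network  # the whole .128/26 block
    plan = split_plan(block, 27, ["outside", "dmz"])  # assumed /27 split
    for name, net in plan.items():
        hosts = list(net.hosts())
        print(f"{name}: {net} mask {net.netmask} hosts {hosts[0]}-{hosts[-1]}")
    # .132 still lands in the outside chunk, so the DMZ hosts need renumbering.
    print("www at", WWW, "falls in:", segment_for(WWW, plan))
```

With this split, eth1 and the www server would have to move into the second chunk (.161 to .190) before the firewall can route between the two segments.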