Hi:
My name is Guillermo and I write to you from Spain. I found the following question from Darron on the internet and I'm in the same situation (we want to install a Linux Red Hat 6.2 firewall on a public class C network). Our NICs are configured with x.x.x.3 on eth0 towards the internet and x.x.x.4 towards the LAN. My router is x.x.x.1.
************************************************************************
DARRON'S QUESTION:
Hello, I've asked several other people, but no one can seem to answer this question.

Can I, and if so how, use two ethernet cards under Linux on the same subnet and network? I.e. my network is x.x.53.1; I want one interface to be x.x.53.2 and one to be x.x.53.3. I'm trying to make a firewall with this, but every time I get Linux to use those as the addresses, it tries to use x.x.53.3 as the main device, but I'm trying to set up x.x.53.2 as eth0 (to the internet/world), and x.x.53.3 as eth1 (to our LAN/WAN). Linux always seems to get confused when I do this.

It works great if my internal eth1 is 192.168.x.x and eth0 is x.x.53.2, but I want them on the same network so I don't have to change all my PCs to a new network, plus a couple of machines including the router will be outside the firewall. I've tried to figure out how to use the "route" command under Linux, but it's been rather confusing for me. Oh, btw, I'm using Linux kernel 2.0.35 under Redhat 5.1 (as if that matters too much). I've tried reading almost all of the networking-related Linux HOWTOs, but none of them seem to describe or explain a situation like I am describing above. If you need more info and can help, please let me know. If you know someone else better suited to answer this, please let me know. If you can point me to a specific book/document that might answer this question, please let me know. Btw, it's not at all useful or convenient for me to use the newsgroups for this as I don't have usenet news access.

Thanks,
Darron
************************************************************************
My initial configuration is like this:
Network 0 (ifcfg-eth0) (external):
DEVICE=eth0
BOOTPROTO=static
IPADDR=x.x.x.3
NETMASK=255.255.255.0
NETWORK=x.x.x.0
BROADCAST=x.x.x.255
GATEWAY=x.x.x.1
ONBOOT=yes
Network 1 (ifcfg-eth1) (internal LAN):
DEVICE=eth1
BOOTPROTO=static
IPADDR=x.x.x.4
NETMASK=255.255.255.0
NETWORK=x.x.x.0
BROADCAST=x.x.x.255
ONBOOT=yes
I have seen Glynn Clements' reply, but your proposal doesn't help me, judging by my routing table as displayed by "route -n" after adding your suggested lines:
route add -net x.x.x.0 netmask 255.255.255.0 dev eth1
route add -host x.x.x.RRR dev eth0
route add default gw x.x.x.RRR dev eth0
where x.x.53.RRR is the address of your router.
This leaves "route -n" like this:
Destination   Gateway   Genmask          Flags Metric Ref Use Iface
x.x.x.1       0.0.0.0   255.255.255.255  UH    0      0   0   eth0   (external if, to router)
x.x.x.3       0.0.0.0   255.255.255.255  UH    0      0   0   eth0   (external if)
x.x.x.4       0.0.0.0   255.255.255.255  UH    0      0   0   eth1   (internal if)
x.x.x.0       0.0.0.0   255.255.255.0    U     0      0   0   eth0   (external network)
x.x.x.0       0.0.0.0   255.255.255.0    U     0      0   0   eth1   (internal network)
127.0.0.0     0.0.0.0   255.0.0.0        U     0      0   0   lo     (loopback)
0.0.0.0       x.x.x.1   0.0.0.0          UG    0      0   0   eth0   (router as default gateway)
All ping responses are slow, even to the router with "ping -I eth0 x.x.x.1", and network 0 doesn't see network 1 and vice versa: network 0 is inaccessible from network 1 and vice versa.
I'm also trying proxy ARP as Glynn Clements suggests, although this is not valid for me because I want all the hosts to be able to see each other.
With two subnets, according to the Proxy-ARP Subnetting HOWTO and following this scheme:
Network 0 (ifcfg-eth0):
DEVICE=eth0
BOOTPROTO=static
IPADDR=x.x.x.170
NETMASK=255.255.255.252
NETWORK=x.x.x.168
BROADCAST=x.x.x.171
ONBOOT=yes
Network 1 (ifcfg-eth1):
DEVICE=eth1
BOOTPROTO=static
IPADDR=x.x.x.4
NETMASK=255.255.255.0
NETWORK=x.x.x.0
BROADCAST=x.x.x.255
ONBOOT=yes
In this way the firewall knows where to find all the hosts, and ping packets from the firewall to the network are answered quickly. The problem is that hosts on network 0 can't see hosts on network 1 and vice versa. The ARP command to pass packets quickly from network 1 to 0 shows me the following error:
arp -i eth1 -Ds x.x.x.0 eth1 netmask 255.255.255.0 pub
error: SIOCSARP: invalid argument
I don't know if anybody has solved this problem and can help me. Do I need to install a bridge, IP forwarding or other additional software?
TIA, Guillermo.
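As an added example (not from this thread, Red Hat or the HOWTO), the proxy-ARP layout the HOWTO describes, written as a dry-run shell script for a Linux 2.2+ host with net-tools: a host route per machine on each segment replaces the two overlapping /24 routes, and the kernel's per-interface proxy_arp switch answers ARP on each segment for hosts reachable via the other. All addresses (192.0.2.0/24 TEST-NET), the host lists and the --apply flag are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: one public /24 split across a two-NIC
# Linux firewall with proxy ARP (Linux 2.2+, net-tools route/arp, /proc/sys).
# Addresses and host lists are constructed placeholders (RFC 5737 TEST-NET).
EXT_IF=eth0                       # towards the router / internet
INT_IF=eth1                       # towards the LAN
NET=192.0.2.0                     # the single class C, mask 255.255.255.0
ROUTER=192.0.2.1
OUTSIDE="192.0.2.1 192.0.2.2"     # hosts that stay on the eth0 segment
INSIDE="192.0.2.10 192.0.2.11"    # hosts behind eth1

# Print a command under DRY_RUN, otherwise execute it.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }
# Write 1 to a /proc/sys knob (or show the write under DRY_RUN).
knob_on() { if [ -n "$DRY_RUN" ]; then echo "echo 1 > $1"; else echo 1 > "$1"; fi; }

plan() {
    # 1. Two identical x.x.x.0/24 routes on eth0 and eth1 cannot both be
    #    used: the kernel takes the first match, so one segment is dark.
    #    Replace them with a host route per machine on each segment.
    run route del -net "$NET" netmask 255.255.255.0 dev "$EXT_IF"
    run route del -net "$NET" netmask 255.255.255.0 dev "$INT_IF"
    for h in $OUTSIDE; do run route add -host "$h" dev "$EXT_IF"; done
    for h in $INSIDE;  do run route add -host "$h" dev "$INT_IF"; done
    run route add default gw "$ROUTER" dev "$EXT_IF"
    # 2. Proxy ARP on both NICs: with the routes above, the kernel answers
    #    ARP requests arriving on eth0 for INSIDE hosts and on eth1 for
    #    OUTSIDE hosts with its own MAC, so every host keeps its /24 mask.
    #    (Equivalent per-host form: arp -i "$EXT_IF" -Ds "$h" "$EXT_IF" pub)
    knob_on /proc/sys/net/ipv4/conf/"$EXT_IF"/proxy_arp
    knob_on /proc/sys/net/ipv4/conf/"$INT_IF"/proxy_arp
    # 3. Forward between the two segments; without this, proxy ARP only
    #    attracts the traffic to the firewall and it is then dropped.
    knob_on /proc/sys/net/ipv4/ip_forward
}

# Default to a dry run; "--apply" (as root) executes the plan.
[ "${1:-}" = "--apply" ] || DRY_RUN=1
plan
```

Run it with no arguments to review the generated commands before applying them; any machine later added on either side needs its own host route, since the /24 routes are gone.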
Firewalling with 2 NIC´s over a public class C network
Guillermo Gómez Valcárcel, Wed, 23 Aug 2000 00:03:34 -0700
