Thanks, Ola, for your reply, but I think this does not meet our requirements.

We have 2 NICs on the firewall and a router on the same subnet. To begin with, I want the DMZ and non-DMZ hosts to be accessible from both sides, and to implement the rules to limit that access later. Can I implement this with arp? Must I divide my subnet in two and implement IP forwarding?

I have tried Ola Samuelson's suggestion, although it is not valid for me because I want all the hosts to be able to see each other. In any case, the commands:

    arp -s x.x.x.3 MAC_address_of_NIC_at_x.x.53.4 pub
    arp -s x.x.x.4 MAC_address_of_NIC_at_x.x.53.4 pub

don't seem to help me see (with pings) from the DMZ hosts to the non-DMZ hosts.

My NIC configuration is the following:

Network 0 (ifcfg-eth0) (external):

    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=x.x.x.3
    NETMASK=255.255.255.0
    NETWORK=x.x.x.0
    BROADCAST=x.x.x.255
    GATEWAY=x.x.x.1
    ONBOOT=yes

Network 1 (ifcfg-eth1) (internal LAN):

    DEVICE=eth1
    BOOTPROTO=static
    IPADDR=x.x.x.4
    NETMASK=255.255.255.0
    NETWORK=x.x.x.0
    BROADCAST=x.x.x.255
    ONBOOT=yes

and the arp -an output after the commands:

    ? (x.x.x.3) at * PERM PUP on eth1
    ? (x.x.x.4) at * PERM PUP on eth1

Thanks for your time.
Guillermo.

----- Original Message -----
From: Ola Samuelson <[EMAIL PROTECTED]>
To: Guillermo Gómez Valcárcel <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, August 23, 2000 11:34 AM
Subject: Re: Firewalling with 2 NIC´s over a public class C network

> Hi!
> If this is what You want to do, some ideas .....
>
> Did this once before.
> FW with 3 nics and a router.
> 2 NICs and router on same subnet.
> Proxy arp makes it work.
>
> Proxy arp is needed if they are on the same logical net but different NICs.
> You may use exactly the same netmask and such for all nets.
>
> Something like this (not sure off hand) on the firewall machine:
> arp -s x.x.53.2 MAC_address_of_NIC_at_x.x.53.3 pub
> arp -s x.x.53.3 MAC_address_of_NIC_at_x.x.53.3 pub
>
> This solves the following:
> * Coming in on external IF and finding DMZ IF(net) via the MAC-address of the
> External IF.
>
> Does not solve the following:
> * Forwarding, routing etc BUT now it CAN work
>
> Hint:
> * I would use newer/other dist than 5.1 or reinstall new kernel/packages. For
> security reasons,
> new features, ease of administration and stability. All of these are important
> if You want to build a firewall.
>
> Hope I remember all this correctly..... :-)
>
>
> HTH
> file://OLAS
>

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
RE: Firewalling with 2 NIC´s over a public class C network
Guillermo Gómez Valcárcel Wed, 23 Aug 2000 05:01:15 -0700
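
Added example, not part of the original messages: a shell function that prints, without running them, the steps that go together with published ARP entries on a two-NIC firewall sharing one subnet (forwarding, a host route toward the DMZ NIC, and a proxy entry on the outside NIC). It uses iproute2 `ip neigh add proxy` in place of the thread's `arp -s ... pub`; the function names and the 192.0.2.0/24 addresses are constructed, and eth0/eth1 follow the ifcfg files above.

```shell
#!/bin/sh
# Added example: prints (does not run) the steps that accompany published ARP
# entries on a two-NIC firewall whose NICs share one subnet.
# Assumptions: iproute2 and sysctl exist on the firewall; the subnet's own
# route points out the external NIC; sample addresses are constructed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# proxy_arp_plan EXT_IF DMZ_IF HOST...: emit the plan for the listed DMZ hosts.
proxy_arp_plan() {
    [ "$#" -ge 3 ] || { echo "usage: proxy_arp_plan EXT_IF DMZ_IF HOST..." >&2; return 2; }
    ext_if=$1; dmz_if=$2
    shift 2
    seen=" "
    # Validate everything first so a bad entry never yields a partial plan.
    for host in "$@"; do
        is_ipv4 "$host" || { echo "not an IPv4 address: $host" >&2; return 1; }
        case "$seen" in
            *" $host "*) echo "listed twice: $host" >&2; return 1 ;;
        esac
        seen="$seen$host "
    done
    # Packets pass between the two NICs only with forwarding enabled.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Answer ARP on the DMZ side for addresses routed via the external NIC.
    echo "sysctl -w net.ipv4.conf.$dmz_if.proxy_arp=1"
    for host in "$@"; do
        # The /32 is more specific than the shared /24, so it selects the DMZ NIC.
        echo "ip route add $host/32 dev $dmz_if"
        # Answer ARP for this host on the outside so the router sends to the firewall.
        echo "ip neigh add proxy $host dev $ext_if"
    done
}

# Constructed sample: two DMZ hosts behind eth1, router reached through eth0.
proxy_arp_plan eth0 eth1 192.0.2.10 192.0.2.11
```

Review the printed plan before running any of it as root; packet-filter rules limiting what may cross between the NICs are a separate step.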
