> -----Original Message-----
> From: mouss [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 25 October 2000 12:42 AM
> To: horio shoichi; David Loysen
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Dual firewall question
> 
> 
> hummm.
> 
> either he NATs clients' source addresses, and follows Ben's words, in
> which case, everything will work,
> or he doesn't NAT clients' source addresses, and then as I said before,
> it can't work.

Not so hasty - I think he's got a solution there.

If he's saying what I think he's saying then it can work:

On the WWW box, have two NICs. NIC one is connected to FW1 and ISP1, NIC2 to
FW2, ISP2. As long as each NIC has a _different_ default gateway it will
work fine. You just have a NAT mapping at each ISP for the internal address
of NIC1 and NIC2 respectively. Oh, and don't enable IP forwarding.

This means that traffic from ISP1 comes in via NIC1. The response goes OUT
via NIC1 and therefore uses ISP1 as the gateway.

The only question is whether the box can use two default gateways (which
should work for most OSes, shouldn't it?)

Why didn't I think of that? ;)

[...]
> 
> At 22:09 24/10/00 +0900, horio shoichi wrote:
> 
> >Thanks. Your reply clarified how your firewalls are working.
> >
> >
> >Back to the point:
> >
> >Last time I proposed a solution based on two one to one NAT entries which you
> >seem to have some difficulty with. So this time I broke it down to potential
> >problem area and possible workarounds.

Cheers,

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520  
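
The open question in the message above, whether a host with two default gateways really sends each reply out of the NIC the request arrived on, modelled as an added example that is not part of the original thread. It compares a destination-only route lookup with a lookup keyed on the reply's source address; the addresses, interface names and the lowest-metric tie-break are assumptions, not details from the posts.

```python
import ipaddress

# Constructed sample topology (private/documentation addresses, not from the thread).
NICS = {"nic1": "10.1.0.10",   # assumed address behind FW1 / ISP1
        "nic2": "10.2.0.10"}   # assumed address behind FW2 / ISP2

# Main table: (prefix, out interface, gateway, metric), with two default routes.
MAIN_TABLE = [
    ("10.1.0.0/24", "nic1", None, 0),
    ("10.2.0.0/24", "nic2", None, 0),
    ("0.0.0.0/0", "nic1", "10.1.0.1", 10),
    ("0.0.0.0/0", "nic2", "10.2.0.1", 20),
]

def lookup(table, dst):
    """Longest-prefix match on destination; lowest metric breaks ties (assumed)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in ipaddress.ip_network(r[0])]
    best = max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))
    return best[1], best[2]

def reply_path_dest_only(client, arrived_on):
    """Destination-only routing: the arrival interface plays no part."""
    return lookup(MAIN_TABLE, client)

def reply_path_source_policy(client, arrived_on):
    """Source-based policy: the reply's source address selects a per-NIC table."""
    src = NICS[arrived_on]  # server answers from the address it was reached on
    owner = next(name for name, addr in NICS.items() if addr == src)
    per_nic = [r for r in MAIN_TABLE if r[1] == owner]
    return lookup(per_nic, client)

def audit(client="198.51.100.7"):
    """Per routing mode, list NICs whose replies leave through a different NIC."""
    modes = (("dest_only", reply_path_dest_only),
             ("source_policy", reply_path_source_policy))
    return {mode: [nic for nic in NICS if fn(client, nic)[0] != nic]
            for mode, fn in modes}

if __name__ == "__main__":
    for mode, asymmetric in audit().items():
        print(mode, "asymmetric replies for:", asymmetric or "none")
```

In the destination-only case the reply to a connection that arrived through FW2 leaves through FW1, so it does not pass back through the NAT mapping that translated the inbound packet.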