Thanks very much for your answers !
As IMHO the NAT implementation of netfilter doesn't reply arp's for the
static NAT entries (mappings), I'll have to set all the official addresses
to the external nic of the firewall.
I'm going to try this NAT approach ...
Cheers and thanks again
Phibo
On Mon, 11 Dec 2000, Ben Nagy wrote:
>> -----Original Message-----
>> From: Magic Phibo [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, 12 December 2000 3:02
>> To: Ben Nagy
>> Subject: RE: Routing Question
>>
>>
>> On Mon, 11 Dec 2000, Ben Nagy wrote:
>> >> -----Original Message-----
>> >> From: Magic Phibo [mailto:[EMAIL PROTECTED]]
>> >> Sent: Friday, 8 December 2000 11:58
>> >> To: Ben Nagy
>> >> Cc: [EMAIL PROTECTED]
>> >> Subject: RE: Routing Question
>> >>
>> >[...]
>> >> >Set up ther external NIC on the firewall to own that whole
>> >> 199.199.199.208
>> >>
>> >> Do you mean setting up eth0 being the external nic with
>> >> 199.199.199.210 and
>> >> aliases eth0:0, eth0:1 ... for 199.199.199.211-222 ?
>> >
>> >No - I just meant to not subnet that network - have the
>> firewall netmask as
>> >a /28. Sorry - my language wasn't clear.
>>
>> OK, but how does the router know, that it should route all
>> addresses of the
>> official ip range thru the firewall ? Again, I don't have
>> access to the router
>> and would like to do it without having to contact and ask and
>> pay the provider.
>> I think, defining all the addressses to the external nic of
>> the firewall would
>> solve the routing problem, wouldn't it ?
>
>There is no routing problem. The router has an IP address in the range
>199.199.199.208/28 and so does the firewall. The router will look to find
>any _other_ addresses in that subnet on its local network - it will not try
>and route anywhere for them.
>
>All the firewall needs to do is have NAT mappings for those IP addresses.
>When the router ARPs for one of them, the firewall will answer (NAT does
>that, although it's sometimes implementation dependant.).
>
>Cheers,
>
>--
>Ben Nagy
>Marconi Services
>Network Integration Specialist
>Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
