> -----Original Message-----
> From: Gary Maltzen [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, 25 February 2001 6:20
> To: Dennis Dai
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Dual firewall question (revisited, long)
>
>
> I keep wondering if something like the following will work
> (Ben: it's TOO obvious; what glaring hole did I miss?)
>
[nasty ASCII art snipped]
>
> WWW route table
> host 10.1.0.5 eth0:1
> host 10.2.0.5 eth0:2
> net 10.1.0.0 eth0:1
> net 10.2.0.0 eth0:2
> default gw 10.1.0.1 eth0:1
> default gw 10.2.0.1 eth0:2
These two default gw statements are what I didn't think were possible.
A similar plan to this one (using real NICs, not virtuals) came up in the
first thread. At the time, mouss pointed out that most stacks do not
remember the interface they received a packet on when making outbound
routing decisions (for the WWW response). I didn't believe it at the time,
and tested it in the lab. I can report that humbling "learning experiences"
are good for the soul. ;)
If you can get it to work as above, though, that should work as well, and
would be much simpler. I suspect that the WWW server will just use the first
IP address to source the response packets, though.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
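A small model of the routing decision the thread is arguing about, added here as an example and not taken from the thread: a destination-only lookup over the quoted table, where the two default routes tie and the first one listed wins (the "first IP address" outcome Ben suspects), beside a source-address policy lookup that returns each reply through the gateway belonging to the address the request was sent to. The table and addresses are constructed from the quoted message; the policy half corresponds to Linux policy routing (`ip rule add from <addr> table N` plus a default route in that table), which is not assumed to exist on Gary's box.

```python
import ipaddress

# Route table constructed from the quoted message: (prefix, gateway, interface).
# Two default routes, exactly as proposed; order matters for the tie-break.
ROUTES = [
    ("10.1.0.5/32", None, "eth0:1"),
    ("10.2.0.5/32", None, "eth0:2"),
    ("10.1.0.0/16", None, "eth0:1"),
    ("10.2.0.0/16", None, "eth0:2"),
    ("0.0.0.0/0", "10.1.0.1", "eth0:1"),
    ("0.0.0.0/0", "10.2.0.1", "eth0:2"),
]

# Constructed source-address policy: replies sourced from each server address
# must leave via that address's own firewall. Maps source -> (gateway, interface).
SOURCE_POLICY = {
    "10.1.0.5": ("10.1.0.1", "eth0:1"),
    "10.2.0.5": ("10.2.0.1", "eth0:2"),
}


def lookup_by_destination(dst, routes=ROUTES):
    """Classic forwarding lookup: longest prefix match on the destination only.

    The stack does not consult the source address or the ingress interface,
    so the two /0 entries tie and the first one in the table is used for
    every reply that is not directly connected.
    """
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gw, dev)
    return (best[1], best[2]) if best else None


def lookup_with_source_policy(src, dst, routes=ROUTES, policy=SOURCE_POLICY):
    """Policy routing: directly connected destinations use the normal table;
    anything that would go to a default gateway is steered by the source
    address, so a reply from 10.2.0.5 goes back out through 10.2.0.1."""
    gw, dev = lookup_by_destination(dst, routes)
    if gw is not None and src in policy:
        return policy[src]
    return (gw, dev)


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed external client address
    print("dst-only :", lookup_by_destination(client))
    print("policy   :", lookup_with_source_policy("10.2.0.5", client))
```

Running it shows the destination-only lookup sending the reply from 10.2.0.5 out through 10.1.0.1, while the policy lookup returns it through 10.2.0.1.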