Sheldon Lee Wen wrote:
> I'm in a big bind. Our raptor firewall is toast,
>
> That said, now my boss wants to put in a linux firewall.
>
> The dev servers are on network xxx.xxx.xxx.xxx and the developer workstations
> are on yyy.yyy.yyy.yyy
>
> I have the box on both networks and masquerading, so that you can go from the
> developer workstations to the development servers. However, the development
> servers used to be on the yyy.yyy.yyy.yyy and the raptor firewall has been
> forwarding their old yyy.yyy.yyy.yyy addresses to the xxx.xxx.xxx.xxx
> addresses, but the raptor firewall is not the router or gateway for the
> yyy.yyy.yyy.yyy network. So, I'm not sure how I can do that on Linux. Has the
> raptor firewall been acting as a router as well? Do I need routed on Linux?
>
> How do I do this on linux?

So the workstations think that the servers are on the same network? If that's the case, you need to use proxy-ARP on the firewall (or, preferably, just reconfigure the workstations to use the new addresses for the servers).

Also, the "firewall" is already acting as a router. And, in any case, you don't need a routing daemon (routed, gated etc) in order to perform routing.

A routing daemon exchanges routing information with other routing daemons and updates the local routing table automatically. On a large network, or one where routes change regularly, routing daemons eliminate the need to update routing tables manually. On a small network where the routes change infrequently, using a routing daemon isn't worth the effort involved in installation and maintenance.

-- 
Glynn Clements <[EMAIL PROTECTED]>
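
Added example, not part of the original thread: a shell sketch of the proxy-ARP setup suggested in the reply, scoped to the individual old server addresses instead of the whole interface. It only prints the commands for review; the interface name `eth0`, the RFC 5737 addresses, and the choice of `ip neigh add proxy` plus an iptables DNAT rule for the old-to-new translation are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example: print (do not run) the commands that make a Linux firewall
# answer ARP for renumbered servers' old addresses and forward to the new ones.
# Interface name and addresses are constructed placeholders (RFC 5737 ranges).

is_ipv4() {
    # Accept only a dotted quad with each octet in 0-255.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

proxy_arp_plan() {
    # usage: proxy_arp_plan WORKSTATION_IF OLD=NEW [OLD=NEW ...]
    ws_if=$1; shift
    case "$ws_if" in ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $ws_if" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "no mappings given" >&2; return 1; }
    # Validate every mapping first, so a bad entry never yields a partial plan.
    for map in "$@"; do
        old=${map%%=*}; new=${map#*=}
        if [ "$old" = "$map" ] || ! is_ipv4 "$old" || ! is_ipv4 "$new"; then
            echo "bad mapping: $map" >&2; return 1
        fi
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    for map in "$@"; do
        old=${map%%=*}; new=${map#*=}
        # Per-address proxy entry: the firewall answers ARP only for this old
        # address, instead of enabling blanket proxy_arp on the interface.
        echo "ip neigh add proxy $old dev $ws_if"
        # Assumption: the old -> new translation is done with a DNAT rule.
        echo "iptables -t nat -A PREROUTING -i $ws_if -d $old -j DNAT --to-destination $new"
    done
}

# Constructed sample: two servers moved from 192.0.2.x to 198.51.100.x.
proxy_arp_plan eth0 192.0.2.10=198.51.100.10 192.0.2.11=198.51.100.11
```

The printed plan can be reviewed and then run as root on the firewall; listing each old address explicitly keeps the firewall from answering ARP for anything other than the renumbered servers.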