Hi!
I was looking around for a long time until I found the LEAF project, which could be the solution to all my needs. For a few weeks I have been working my way through the Bering and Shorewall documentation, and I am not sure if I am on the right track. So I hope someone can tell me if I am right or should start again with a different approach. Now here's my situation:
We have a subnet with 128 public IP addresses, which are assigned to servers and workstations as well. All machines are using only local security features like personal firewalls. The future goal is to split into a DMZ and a local net. But at the moment that would mean too much work to reconfigure all machines. So I want to do the changes step by step.
For the first step I decided to use ProxyArp because this means no reconfiguration, just putting the firewall between the ISP's router and my switch. The simplest setup I found is to use one public IP address for eth0, another public address on eth2 and an RFC1918 address on eth1 for future use. Then all I have to do is set the proxyarp option in the shorewall interfaces file for both eth0 and eth2. Is that correct?
Example:
Public subnet assigned by ISP: 192.0.2.128/25
ISP Router: 192.0.2.129/25
Firewall:
    eth0 192.0.2.130 (to router)
    eth1 192.168.1.254 (to future local net)
    eth2 192.0.2.131 (to dmz, actually the whole current net)

shorewall interfaces file:
    net eth0 detect proxyarp,norfc1918
    loc eth0 detect
    dmz eth0 detect proxyarp
In addition to Charles's comment:
I assume that you meant those three records for eth0, eth1 and eth2 respectively and not all for eth0.
-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
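
The slip Tom points out above can be caught mechanically before a firewall is put inline. The following is an added example, not part of the original thread and not Shorewall's own code: it parses the posted records (ZONE, INTERFACE, BROADCAST, OPTIONS columns) and reports interfaces bound to more than one record or missing one. The helper names and the expected-interface set are assumptions taken from the poster's description.

```python
# Added example: lint Shorewall-style interfaces records for the slip
# discussed in this thread. Helper names are hypothetical.
from collections import defaultdict

# Records exactly as posted in the question (all three name eth0).
POSTED = """\
net eth0 detect proxyarp,norfc1918
loc eth0 detect
dmz eth0 detect proxyarp
"""

# Assumption: the interfaces the poster says the firewall has.
EXPECTED_IFACES = {"eth0", "eth1", "eth2"}


def parse_interfaces(text):
    """Return a list of (zone, interface, broadcast, options) records."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"record needs ZONE and INTERFACE: {raw!r}")
        broadcast = fields[2] if len(fields) > 2 else "-"
        has_opts = len(fields) > 3 and fields[3] != "-"
        options = set(fields[3].split(",")) if has_opts else set()
        records.append((fields[0], fields[1], broadcast, options))
    return records


def lint(text, expected=EXPECTED_IFACES):
    """Report interfaces listed in several records or in none."""
    zones_by_iface = defaultdict(list)
    for zone, iface, _bcast, _opts in parse_interfaces(text):
        zones_by_iface[iface].append(zone)
    findings = []
    for iface, zones in sorted(zones_by_iface.items()):
        if len(zones) > 1:
            findings.append(
                f"{iface} appears in {len(zones)} records (zones: {', '.join(zones)})")
    for iface in sorted(expected - set(zones_by_iface)):
        findings.append(f"{iface} has no record")
    return findings


if __name__ == "__main__":
    for finding in lint(POSTED):
        print(finding)
```
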
