On 15.10.2002 at 14:51:24, Herve Bonvin <[EMAIL PROTECTED]> wrote:

<snip>

> I have 2 OSA-E ports. One for the content zones and one for the intranet. Is
> it possible to share a port between the 2 content zones ? Direct communication
> is of course not permitted.

I was not completely clear where the firewall is going, but keep this in mind: any systems that share an OSA-E port will have direct connectivity between them. This is provided by the microcode of the OSA-E and I do not know of a way to turn it off.

So, if the firewall is meant to isolate all three systems from each other, then you will need another OSA-E port. If two of the zones can have direct connectivity, they can share a port.

Also keep in mind that some very effective firewalls can be built using iptables (ipchains for kernel 2.2). It may be feasible for two of the systems to use Linux firewalling to allow them to share an OSA-E port; the requirements for the isolation (from each other) of those systems might not be as stringent as you would require in protecting your DB2 zone from the Internet.

(did that make sense?)

Cheers,
Vic Cross
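
The host-firewall approach mentioned above, as an added example that is not part of the original message: a shell function that emits an iptables-restore ruleset for one Linux guest, dropping traffic to and from the other guests on the same OSA-E port. The function name `gen_rules`, the addresses and the service port are constructed for illustration.

```shell
#!/bin/sh
# Added example. Each guest sharing the OSA-E port loads its own ruleset,
# listing the other sharing guests as peers. Sample values are constructed
# (RFC 5737 documentation range).
# Usage on a guest (as root):  gen_rules 443 192.0.2.12 | iptables-restore

gen_rules() {
    # $1 = TCP port this guest serves; remaining args = peer guest IPv4 addresses
    svc_port=$1
    shift
    # Validate before emitting anything, so a bad argument never yields a partial ruleset.
    case $svc_port in
        ''|*[!0-9]*) echo "bad port: $svc_port" >&2; return 1 ;;
    esac
    for peer in "$@"; do
        case $peer in
            ''|*[!0-9.]*) echo "bad peer address: $peer" >&2; return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default deny inbound
    echo ':FORWARD DROP [0:0]'    # this guest is not a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    for peer in "$@"; do
        # Peer drops come before the ESTABLISHED rule so no peer traffic
        # is accepted in either direction.
        echo "-A INPUT -s $peer -j DROP"
        echo "-A OUTPUT -d $peer -j DROP"
    done
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -p tcp --dport $svc_port -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}
```

These rules match on source and destination address only, so they give weaker separation than putting the guests on separate OSA-E ports.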
