On Fri, Mar 29, 2002 at 01:44:34PM -0800, [EMAIL PROTECTED] wrote:

> Hello Netfilter,
> 
> Can I have a firewall with the 2 NIC cards on the same network?
> I have this set up.
> 
> <Router 192.168.1.0/24> ----- <switch>------<servers 192.168.1.0/24>
> 
> I want 
> 
> <Router 192.168.1.0/24> ----- <192.168.1.0/24(eth0) FW 192.168.1.0/24(eth1)>------<switch>------<servers 192.168.1.0/24>
> 
> Is it possible?

Yes.

Let's say:

ROUTER                        [eth0] FW [eth1]             SERVERS
192.168.1.1/24         192.168.1.2/24  192.168.1.2/24    192.168.1.3-254/24

Steps to take:

- Set up the IP on the FW nics:
        ip addr add 192.168.1.2/24 dev eth0
        ip addr add 192.168.1.2/24 dev eth1

- Enable proxy-arp on these interfaces:
        echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
        echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

- Remove the local routes:
        ip ro del 192.168.1.0/24 dev eth0
        ip ro del 192.168.1.0/24 dev eth1

- Add a /32 route for the router:
        ip ro add 192.168.1.1/32 dev eth0

- Add a /24 route for the subnet:
        ip ro add 192.168.1.0/24 dev eth1


You should be good to go.


Ramin

> 
> Thanks
> 
> 
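A parameterised version of the steps above, added here as an example and not part of Ramin's post: the first function prints the same commands for any router address, firewall address, subnet and interface pair, and the second checks an "ip route" dump for the intended end state (it assumes the usual "<prefix> dev <iface> ..." line format). The sample routing tables are constructed.

```shell
#!/bin/sh
# Added example, not from the post: emit the proxy-ARP firewall steps for
# arbitrary addresses and check a routing-table dump for the intended end
# state. The sample 'ip route' output below is constructed.

# gen_proxyarp_config ROUTER_IP FW_ADDR/PREFIX SUBNET/PREFIX EXT_IF INT_IF
# Prints the post's steps, parameterised; it does not execute them.
gen_proxyarp_config() {
    router="$1"; fw="$2"; subnet="$3"; ext="$4"; int="$5"
    cat <<EOF
ip addr add $fw dev $ext
ip addr add $fw dev $int
echo 1 > /proc/sys/net/ipv4/conf/$ext/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$int/proxy_arp
ip ro del $subnet dev $ext
ip ro del $subnet dev $int
ip ro add $router/32 dev $ext
ip ro add $subnet dev $int
EOF
}

# check_routes ROUTER_IP SUBNET/PREFIX EXT_IF INT_IF  < output of 'ip route'
# Returns 0 if the table has the host route to the router on EXT_IF, the
# subnet on INT_IF, and no leftover subnet route on EXT_IF (the kernel adds
# one when the address is configured; the "ip ro del" step removes it).
check_routes() {
    router="$1"; subnet="$2"; ext="$3"; int="$4"
    table=$(cat)
    printf '%s\n' "$table" | grep -q "^$router dev $ext " ||
        { echo "missing host route to $router on $ext" >&2; return 1; }
    printf '%s\n' "$table" | grep -q "^$subnet dev $int " ||
        { echo "missing $subnet route on $int" >&2; return 1; }
    if printf '%s\n' "$table" | grep -q "^$subnet dev $ext "; then
        echo "stale $subnet route still on $ext" >&2
        return 1
    fi
    return 0
}

# Constructed routing tables: one correct, one where "ip ro del" on eth0
# was skipped.
SAMPLE_GOOD='192.168.1.1 dev eth0 scope link
192.168.1.0/24 dev eth1 scope link'
SAMPLE_BAD='192.168.1.1 dev eth0 scope link
192.168.1.0/24 dev eth0 scope link
192.168.1.0/24 dev eth1 scope link'

# Demo with the post's addresses: print the commands, do not run them.
gen_proxyarp_config 192.168.1.1 192.168.1.2/24 192.168.1.0/24 eth0 eth1
```

On a live box, pipe the real table in with "ip route | check_routes 192.168.1.1 192.168.1.0/24 eth0 eth1" after applying the steps.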
