On 6/26/06, Leo Alvyn 'Vynnie' Cruz <[EMAIL PROTECTED]> wrote:
> LINUXFIREWALL
>   (untrusted) - eth0 10.10.10.178/255.255.255.248
>   (dmz)       - eth2 10.10.10.179/255.255.255.248
>                   |
>               DMZHOST 10.10.10.180/255.255.255.248
>
> Routing in LINUXFIREWALL is as follows:
>
> Destination   Gateway       Genmask          Iface
> 0.0.0.0       10.10.10.177  0.0.0.0          eth0
> 10.10.10.176  0.0.0.0       255.255.255.248  eth0
> 10.10.10.176  0.0.0.0       255.255.255.248  eth2
> 10.10.10.180  10.10.10.179  255.255.255.255  eth2
When LINUXFIREWALL tries to send a packet to 10.10.10.180, it encounters the 2nd line in the table which matches the packet (since it's within the 10.10.10.176/29 subnet) and sends the packet out over eth0 (wrong iface). To avoid confusion, make your FW-to-Router subnet different from your FW-to-DMZ subnet. Your FW-to-Router can just be a /30 subnet, then you can make your FW-to-DMZ a separate /24 net since you're using private IPs anyway. Also, if you define a routing entry for your DMZ subnet on eth2, the 4th line is no longer needed.
> Routing in DMZHOST is as follows:
>
> Destination   Gateway       Genmask          Iface
> 0.0.0.0       10.10.10.179  0.0.0.0          eth0
Nothing wrong with this host's tables...

-bodgie

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
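Added example, not part of the thread: a small Python script that parses the four-column routing table quoted above, resolves a destination the way a longest-prefix-match lookup does (equal prefixes fall back to table order), and flags any network that is listed on more than one interface. It is run against the LINUXFIREWALL table as quoted and against a table laid out the way the reply suggests (a /30 toward the router, a separate /24 for the DMZ); the addresses in that second table are assumed for illustration and are not from the thread.

```python
import ipaddress

# Routing table as quoted in the thread: Destination Gateway Genmask Iface,
# one route per line, in the order the original poster listed them.
LINUXFIREWALL_ROUTES = """\
0.0.0.0      10.10.10.177 0.0.0.0         eth0
10.10.10.176 0.0.0.0      255.255.255.248 eth0
10.10.10.176 0.0.0.0      255.255.255.248 eth2
10.10.10.180 10.10.10.179 255.255.255.255 eth2
"""

# The layout the reply recommends: a /30 for FW-to-router and a separate
# /24 for FW-to-DMZ. Constructed for illustration; addresses are assumed.
SEPARATED_ROUTES = """\
0.0.0.0      10.10.10.177 0.0.0.0         eth0
10.10.10.176 0.0.0.0      255.255.255.252 eth0
10.10.20.0   0.0.0.0      255.255.255.0   eth2
"""


def parse_routes(text):
    """Parse 'dest gateway genmask iface' lines into (network, gateway, iface).
    A gateway of 0.0.0.0 means the destination is directly connected."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, gw, mask, iface = line.split()
        # ipaddress accepts a dotted netmask after the slash
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes


def lookup(routes, dst):
    """Select the route for dst: the longest prefix wins; among routes with
    the same prefix length the entry listed first wins, which is exactly
    what makes two identical connected networks on different ifaces fragile."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def ambiguous(routes):
    """Return networks that appear on more than one interface, i.e. the
    overlapping-subnet mistake to look for in `route -n` output."""
    seen = {}
    for net, _, iface in routes:
        seen.setdefault(str(net), []).append(iface)
    return [(net, ifaces) for net, ifaces in seen.items() if len(set(ifaces)) > 1]


if __name__ == "__main__":
    orig = parse_routes(LINUXFIREWALL_ROUTES)
    # DMZHOST itself has a /32 host route, so it resolves to eth2
    print("10.10.10.180 ->", lookup(orig, "10.10.10.180"))
    # any other DMZ address has no host route: the two /29s tie, eth0 listed first
    print("10.10.10.181 ->", lookup(orig, "10.10.10.181"))
    print("duplicated networks:", ambiguous(orig))

    fixed = parse_routes(SEPARATED_ROUTES)
    print("10.10.20.5   ->", lookup(fixed, "10.10.20.5"))
    print("duplicated networks:", ambiguous(fixed))
```

With the quoted table, `ambiguous()` reports 10.10.10.176/29 on both eth0 and eth2, and a DMZ address without its own /32 entry (10.10.10.181 in the run above) resolves to eth0. With the separated layout the report is empty, every DMZ address resolves to eth2 through the /24, and no per-host route is needed.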

