http://www.shorewall.net/NewBridge.html

  Sorry if I even badly read the book...

=============================
There are several key differences in this setup and a normal Shorewall 
configuration:

  a.. The Shorewall system (the Bridge/Firewall) has only a single IP address 
even though it has two ethernet interfaces! The IP address is configured on the 
bridge itself, rather than on either of the network cards.

  b.. The systems connected to the LAN are configured with the router's IP 
address (192.168.1.254 in the above diagram) as their default gateway.

  c.. traceroute doesn't detect the Bridge/Firewall as an intermediate router.

  d.. If the router runs a DHCP server, the hosts connected to the LAN can use 
that server without having dhcrelay running on the Bridge/Firewall.

Warning
Inserting a bridge/firewall between a router and a set of local hosts only 
works if those local hosts form a single IP network. In the above diagram, all 
of the hosts in the loc zone are in the 192.168.1.0/24 network. If the router 
is routing between several local networks through the same physical interface 
(there are multiple IP networks sharing the same LAN), then inserting a 
bridge/firewall between the router and the local LAN won't work.

There are other possibilities here -- there could be a hub or switch between 
the router and the Bridge/Firewall and there could be other systems connected 
to that switch. All of the systems on the local side of the router would still 
be configured with IP addresses in 192.168.1.0/24 as shown below.

=============================

. . .                            
             . . .               
   Yves Belanger, ift.a.u.     : 
   Systems Administrator       : 
                               : 
   Darius Technologies         : 
             . . .               
                                 

----- Original Message ----- 
From: "Tom Eastep" <[EMAIL PROTECTED]>
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Cc: <[EMAIL PROTECTED]>
Sent: April 17, 2007 15:50
Subject: Re: [Shorewall-users] Multi-network bridge
