Pieter Donche wrote:
>I want to install a firewall with 2 extra interfaces:
>
>- My serv ("dmz") zone is a /28 subnet behind eth1, with a small number of SUN
>servers (IPs between ABC.DEF.75.1 and .13), one of which is a DHCP server for
>the 75 subnet.
>- The loc zone are PCs in the 75 subnet behind eth2 with IPs between
>ABC.DEF.75.17 and .253
>- The fw zone is the firewall itself (SuSE 10.2) (eth0)
>
>
>The setup of the network cards is:
>     eth0             eth1 (for zone serv)  eth2 (for zone loc)
>IP:  ABC.DEF.70.201   ABC.DEF.75.14         ABC.DEF.75.254
>HN:  pcfw0 (prompt)   (pcfw0) (prompt)      (pcfw0) (prompt)
>SM:  255.255.255.0    255.255.255.240       255.255.255.0
>GA:  ABC.DEF.70.254   ABC.DEF.70.254        ABC.DEF.70.254
>BA:  ABC.DEF.70.255   ABC.DEF.75.15         ABC.DEF.75.255
You are aware that this is not a valid IP configuration, aren't you?
ABC.DEF.75.0/28 (serv) is a subnet of ABC.DEF.75.0/24 (loc), and so
you have overlapping address spaces (e.g., ABC.DEF.75.1 is valid on
two networks), which means that the required routing is ambiguous.
Also, ABC.DEF.70.254 is not a valid gateway address for the serv
network - it's not in the subnet. Ditto for the loc network.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
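
The two problems named in the reply above (overlapping subnets and a gateway outside the interface's subnet) can be checked mechanically before a firewall is built on top of the addressing plan. The following is an added example, not part of the original thread or of Shorewall; it assumes 10.0 as a stand-in for the redacted ABC.DEF prefix, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the poster's table, with 10.0 standing in for the
# redacted "ABC.DEF" prefix. Tuples are (interface, address, netmask, gateway).
INTERFACES = [
    ("eth0", "10.0.70.201", "255.255.255.0",   "10.0.70.254"),
    ("eth1", "10.0.75.14",  "255.255.255.240", "10.0.70.254"),
    ("eth2", "10.0.75.254", "255.255.255.0",   "10.0.70.254"),
]

def networks(interfaces):
    """Map interface name -> the network implied by its address and netmask."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}").network
            for name, addr, mask, _gw in interfaces}

def audit(interfaces):
    """Return (overlaps, bad_gateways) for the given interface table."""
    nets = networks(interfaces)
    # A gateway must be directly reachable, i.e. inside the interface's subnet.
    bad_gateways = [(name, gw, str(nets[name]))
                    for name, _addr, _mask, gw in interfaces
                    if ipaddress.ip_address(gw) not in nets[name]]
    # Two interfaces whose networks overlap make routing ambiguous.
    overlaps = [(a, str(nets[a]), b, str(nets[b]))
                for a, b in combinations(nets, 2)
                if nets[a].overlaps(nets[b])]
    return overlaps, bad_gateways

def claimed_by(interfaces, host):
    """List every interface whose network contains the given host address."""
    ip = ipaddress.ip_address(host)
    return [name for name, net in networks(interfaces).items() if ip in net]

if __name__ == "__main__":
    overlaps, bad_gateways = audit(INTERFACES)
    for a, na, b, nb in overlaps:
        print(f"overlap: {a} {na} <-> {b} {nb}")
    for name, gw, net in bad_gateways:
        print(f"gateway {gw} on {name} is outside {net}")
    print("10.0.75.1 is on-link for:", claimed_by(INTERFACES, "10.0.75.1"))
```
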