Hello,

I use Shorewall for a gateway with two different subnets.
I have two cards:
eth1 (wifi card), connected to the internet by a router (192.168.1.1)
eth0 (RJ45 card), which I use to connect PCs to the internet (NET_B)


ACTUALLY
------------------
eth1 is 192.168.1.99 with gateway and dns server 192.168.1.1
eth0 is 192.168.2.1

wifi router (192.168.1.1)
  |-> eth1 (192.168.1.99) - shorewall - eth0 (192.168.2.1) <-> NET_B (192.168.2.0/24)
  |-> NET_A (192.168.1.0/24)

dnsmasq is listening on eth0.
A DHCP server is running on eth0, assigning the range 192.168.2.100 to
192.168.2.200 with gateway and DNS 192.168.2.1.

Shorewall is running as a firewall and bridge, doing masq from eth0 to
eth1, and blocking traffic from eth1 to eth0.
-- /etc/shorewall/masq contains lines
eth1 eth0
-- /etc/shorewall/rules contains lines (where loc is eth1 and net is eth0)
DROP        net:192.168.1.0/24    loc:192.168.2.0/24    all    -

-- my /etc/network/interfaces looks like this:
auto eth0
iface eth0 inet static
    address 192.168.2.1
    netmask 255.255.255.0

auto eth1
iface eth1 inet static
    address 192.168.1.103
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 255.255.255.255
    gateway 192.168.1.1
    wireless-essid myessidap


WHAT I WANT
---------------
I would like my NET_B to have the same subnet as NET_A, but they should
be "separated" by Shorewall.
For example, a PC in NET_A should have the IP 192.168.1.10, and a PC in NET_B
should have 192.168.1.10, but they should not see each other and they
should not conflict.

wifi router (192.168.1.1)
  |-> eth1 (192.168.1.99) - shorewall - eth0 (192.168.1.1 OR other) <-> NET_B (192.168.1.0/24)
  |-> NET_A (192.168.1.0/24)

all traffic from NET_A to NET_B DROPPED
all traffic from NET_B to NET_A DROPPED

eth0 should be 192.168.1.1 if possible, or should be
192.168.1.anyothernumber; the important thing is that NET_B.

I've tried with proxyarp and NAT to make things work like this, but I'm
not able to do it.
Can anyone help me?

Regards,
Davide





