Yeah, you are right, I forgot to add another NIC between the Router and the Firewall, that way, all the workstation will only see the firewall and he can put a DHCP on the firewall to distribute IPs.
This will look like this : NET_A --> Firewall --> Router NET_B --> Firewall --> Router The Firewall-Router interface will get it's IP from the Router and the other Subnet will get their IPs from the Firewall. This is a way to bypass the protected router and be able to manage a separate network. "Simon Hobson" <[EMAIL PROTECTED]> a écrit : > Pascal Poudrier wrote: > >> First of all, you cannot do that. It's impossible to make 2 same >> subnet communicate on a different network interface. What I'll >> suggest it that you block DHCP packets with the firewall and you >> create your own internal DHCP and you attribute different subnet for >> each subnet (NET_A = 192.168.1.0/24 and NET_B = 192.168.2.0/24). > > He probably can't do that so simply. If he can't access the internet > router config (which I think is the case from what he's written) then > he can't add the route required for that router to manage packets > to/from the 192.168.2.0/24 subnet. > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > ---------------------------------------------------------------- Messages de confidentialité Ce courriel (de même que les fichiers joints) est strictement réservé à l'usage de la personne ou de l'entité à qui il est adressé et peut contenir de l'information privilégiée et confidentielle. Toute divulgation, distribution ou copie de ce courriel est strictement prohibée. Si vous avez reçu ce courriel par erreur, veuillez nous en aviser sur-le-champ, détruire toutes les copies et le supprimer de votre système informatique. Merci. Confidentiality Notice This communication (including any files transmitted with it) is intended solely for the person or entity to whom it is addressed, and may contain confidential or privileged information. The disclosure, distribution or copying of this message is strictly forbidden. Should you have received this communication in error, kindly contact the sender promptly, destroy any copies and delete this message from your computer system. Thank you.. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
