Pascal Poudrier wrote: >Yeah, you are right, I forgot to add another NIC between the Router >and the Firewall, that way, all the workstation will only see the >firewall and he can put a DHCP on the firewall to distribute IPs. > >This will look like this : > >NET_A --> Firewall --> Router >NET_B --> Firewall --> Router > >The Firewall-Router interface will get it's IP from the Router and >the other Subnet will get their IPs from the Firewall. > >This is a way to bypass the protected router and be able to manage a >separate network.
Not forgetting that unless you have access to the router to add static routes for the two subnets you choose for NET_A and NET_B, then the firewall will have to do NAT. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
