Re: [SLUG] Firewall setup.

Tue, 01 Aug 2000 01:05:30 -0700 

I want to do something similar, but need this....

I basically want to insert a box between the router and the rest of my
network.

-Colin

 +--------+
 | router | 
 +--------+
  ^
  |
  |
  \/
 +----------+
 | firewall |
 +----------+
  ^
  |
  |
  |
 +--------+
 | SWITCH |---------------------+---external machine
 +--------+                     |
  ^                             +---external machine (and so on)
  |                              
  |
  |
 +---------+
 | Firewall|
 +---------+
  | | |
  | | +-- 10.2.0.0/255.255.0.0 (private network)
  | +---- 192.168.1.11
  +------ 192.168.1.12


John Wiltshire wrote:
> 
> From: John Wiltshire [mailto:[EMAIL PROTECTED]]
> >
> > From: Rodos [mailto:[EMAIL PROTECTED]]
> >
> > > Having trouble working out a firewall setup. Here is what I have
> > >
> > > Basically everything is in the same address range. I want to use the
> > > firewall box as a bridge I think. I they were all masqueraded
> > > address it
> > > would be easier. I just can seam to work out how to setup
> > the routing.
> >
> > This situation will not work.  You need the network (x.x.x.x/y) to be
> > different on each side of the Firewall box so it can figure
> > out where to
> > send packets.  Use a private network (192.168.x.x) between
> > the router and
> > the firewall and it will work just fine.
> 
> Actually, on further thought, you would be better using the private network
> behind the firewall (for the three clients).  This means you don't have to
> play with routing on the other side of the router.  See below:
> 
> +--------+
> | router | - 203.1.1.30
> +--------+
>  ^
>  |
>  |
> eth1
> 203.1.1.24
>  |
>  \/
> +----------+
> | firewall |
> +----------+
>  ^
>  |
> eth0
> 192.168.1.1
>  |
>  |
> +-----+
> | HUB |
> +-----+
>  | | |
>  | | +-- 192.168.1.10
>  | +---- 192.168.1.11
>  +------ 192.168.1.12
> 
> Clients point their default gateway at 192.168.1.1, firewall has a default
> route to the router on eth1 and no routes on eth0.  Should work just fine.
> 
> Sorry for the miscue.
> 
> John Wiltshire
> 
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug


--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Reply via email to