Mailinglist Archive: opensuse-security (97 mails)
| < Previous | Next > |
RE: [suse-security] Firewall with SuSE 6.2]
- From: "Schäfer, Axel" <a.schaefer@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 20 Oct 1999 15:27:09 +0200
- Message-id: <511FDFACA857D211A0E10060084D481205CBB6@intranet>
Hi Jochen,
let me get this right: you want to have all computers (friend and enemy) on
the same subnet? Well, if you want to do that, you have to pass all traffic
through the firewall using proxies. But since all of your PC's are on the
same net, they know each other "well" and they can adress every PC directly.
You must use subnets, but you can probably do it with just changing the
subnet mask from 255.255.255.0 to what every you want, for example
255.255.255.x (see Networking-HOWTO on this one).
But remember: you have to have the firewall stand between (!) the freinds
and the enemies!
Axel
> -----Original Message-----
> From: Jochen Mader [mailto:jochen@xxxxxxxxx]
> Sent: Friday, October 15, 1999 3:14 PM
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Firewall with SuSE 6.2]
>
>
> >Hi,
> >check out www.suse.de/~marc
> >The SuSEfwirewall 1.1 should be much better than the stuff
> on the current
> >distribution.
> >cheers
> >afx
>
> Thanx to afx for that link,
> but the real problem is still there. Has anybody any idea how
> to do the
> following:
> I got a network with 16 hosts on one side of the firewall
> (exactly those are
> the hosts I want to protect) and one host from that network
> (the router) has to
> be on the other side of the firewall, cause that's where evil
> traffic is
> coming from.
> My question is: Is it possible to do WITHOUT subnetting?
> I tried almost everything but it still doesnt't work:
> I can ping both devices of the firewall from the hosts on the
> inside, I can
> ping both devices of the firewall from the router and I can
> ping the internal
> hosts and the router from the firewall, but I can't ping an
> internal host from
> the router or the router from an internal host
> (spoof-protection is disabled).
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
let me get this right: you want to have all computers (friend and enemy) on
the same subnet? Well, if you want to do that, you have to pass all traffic
through the firewall using proxies. But since all of your PC's are on the
same net, they know each other "well" and they can adress every PC directly.
You must use subnets, but you can probably do it with just changing the
subnet mask from 255.255.255.0 to what every you want, for example
255.255.255.x (see Networking-HOWTO on this one).
But remember: you have to have the firewall stand between (!) the freinds
and the enemies!
Axel
> -----Original Message-----
> From: Jochen Mader [mailto:jochen@xxxxxxxxx]
> Sent: Friday, October 15, 1999 3:14 PM
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Firewall with SuSE 6.2]
>
>
> >Hi,
> >check out www.suse.de/~marc
> >The SuSEfwirewall 1.1 should be much better than the stuff
> on the current
> >distribution.
> >cheers
> >afx
>
> Thanx to afx for that link,
> but the real problem is still there. Has anybody any idea how
> to do the
> following:
> I got a network with 16 hosts on one side of the firewall
> (exactly those are
> the hosts I want to protect) and one host from that network
> (the router) has to
> be on the other side of the firewall, cause that's where evil
> traffic is
> coming from.
> My question is: Is it possible to do WITHOUT subnetting?
> I tried almost everything but it still doesnt't work:
> I can ping both devices of the firewall from the hosts on the
> inside, I can
> ping both devices of the firewall from the router and I can
> ping the internal
> hosts and the router from the firewall, but I can't ping an
> internal host from
> the router or the router from an internal host
> (spoof-protection is disabled).
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
| < Previous | Next > |