Hi

This is simply not possible (as you already suspect). The sense of different IPs is to differentiate between networks, so if you have the same network address on two interfaces, the system cannot deduce to which network to send the packets (except based on network/default route).

Your solution should look like this:

Configure eth1 with a private IP (e.g. 192.168.1.1)
Add host routes to your webservers to eth1 (e.g. route add -host webserver1 dev eth1)
Add host routes to eth1-IP on your webservers (e.g. route add -host bastion dev eth0)
Add default routes over bastion (e.g. route add default gw bastion)

hope that helps (and I got it right)

Greetings
olli

On Thu, 16 Nov 2000, jan.meyer wrote:
Hi list,
I'm working on a Bastion Host/DMZ config. I have the following setup:
Internet -> Router -> BastionHost -> Switch -> Firewall -> LAN
                                       |
                                      DMZ
                                  (Webserver)
In the DMZ are placed some Webservers with public IPs. The Bastion Host machine has two network interfaces, both with public IPs in the same subnet (!?). The first network interface (eth0) is connected to the router, the second one (eth1) is connected to the switch as the default gateway for the webservers (and Proxy for the LAN).
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
131.131.111.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
131.131.111.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         131.131.111.1   0.0.0.0         UG    0      0        0 eth0
The problem for me is to access both network devices separately. (Only eth0 is working because of the default route.) I guess this is an error in reasoning. Can somebody give me a hint on how to solve this problem? Maybe it's the wrong topology?
Thanks ;)
jan.
--
--------------------------------------
Oliver Hensel
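To make the routing argument in olli's reply concrete, here is an added example (it is not from the thread and not something either poster ran) that simulates the Linux longest-prefix-match lookup over the tables involved: Jan's table as posted, the bastion after olli's steps 1 and 2, and a webserver after steps 3 and 4 with and without the host route to the bastion's eth1 address. The addresses 131.131.111.20 and 131.131.111.21 (two DMZ webservers), 198.51.100.7 (some host on the Internet) and the assumption that the webservers' NIC is eth0 are constructed for this example; the router and private addresses are the ones in the thread.

```python
import ipaddress

# Each routing-table row is (destination network, gateway or None when on-link,
# interface), i.e. the Destination/Gateway/Iface columns of `route -n`.


def _match(table, dst):
    """Longest-prefix match for dst. Among rows with the same prefix length the
    first row wins, which is why Jan's two identical /24 rows always pick eth0."""
    best = None
    for net, gw, dev in table:
        n = ipaddress.ip_network(net)
        if dst in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw, dev)
    return best


def lookup(table, dst):
    """Return (interface, next hop) for dst.

    On-link routes return dst itself as next hop. A gateway route is only
    usable if the gateway is itself reachable on-link via the same interface,
    which is the check the kernel applies when the route is installed.
    """
    dst = ipaddress.ip_address(dst)
    hit = _match(table, dst)
    if hit is None:
        raise LookupError(f"no route to {dst}")
    _, gw, dev = hit
    if gw is None:
        return dev, str(dst)
    gw_hit = _match(table, ipaddress.ip_address(gw))
    if gw_hit is None or gw_hit[1] is not None or gw_hit[2] != dev:
        raise LookupError(f"gateway {gw} for {dst} is not on-link via {dev}")
    return dev, gw


# Addresses from the thread, plus constructed ones for the example.
ROUTER = "131.131.111.1"          # from Jan's default route
BASTION_ETH1 = "192.168.1.1"      # olli's suggested private address for eth1
WEBSERVER1 = "131.131.111.20"     # constructed: a DMZ webserver
WEBSERVER2 = "131.131.111.21"     # constructed: a second one, no host route yet
OUTSIDE = "198.51.100.7"          # constructed: some host on the Internet

# Jan's table exactly as posted.
ORIGINAL = [
    ("131.131.111.0/24", None, "eth0"),
    ("131.131.111.0/24", None, "eth1"),
    ("0.0.0.0/0", ROUTER, "eth0"),
]

# Bastion after olli's steps 1 and 2: eth1 private, one host route per webserver.
BASTION_FIXED = [
    ("131.131.111.0/24", None, "eth0"),
    ("192.168.1.0/24", None, "eth1"),
    (WEBSERVER1 + "/32", None, "eth1"),    # route add -host webserver1 dev eth1
    ("0.0.0.0/0", ROUTER, "eth0"),
]

# A webserver after steps 3 and 4 (its NIC assumed to be eth0). The /24 row is
# what its own public address on eth0 adds; the other DMZ webservers sit on the
# same switch, so that row is right for them.
WEBSERVER_FIXED = [
    ("131.131.111.0/24", None, "eth0"),
    (BASTION_ETH1 + "/32", None, "eth0"),  # route add -host bastion dev eth0
    ("0.0.0.0/0", BASTION_ETH1, "eth0"),   # route add default gw bastion
]

# Same webserver with step 3 skipped: the default gateway is off-link.
WEBSERVER_NO_HOST_ROUTE = [
    ("131.131.111.0/24", None, "eth0"),
    ("0.0.0.0/0", BASTION_ETH1, "eth0"),
]


def demo():
    """Walk the tables above and return what each lookup decides."""
    results = {
        "original, to webserver1": lookup(ORIGINAL, WEBSERVER1),
        "bastion fixed, to webserver1": lookup(BASTION_FIXED, WEBSERVER1),
        "bastion fixed, to webserver2 (no host route)": lookup(BASTION_FIXED, WEBSERVER2),
        "bastion fixed, to outside": lookup(BASTION_FIXED, OUTSIDE),
        "webserver fixed, to outside": lookup(WEBSERVER_FIXED, OUTSIDE),
        "webserver fixed, to webserver2": lookup(WEBSERVER_FIXED, WEBSERVER2),
    }
    try:
        lookup(WEBSERVER_NO_HOST_ROUTE, OUTSIDE)
        results["webserver without host route, to outside"] = "routed (unexpected)"
    except LookupError as e:
        results["webserver without host route, to outside"] = f"unroutable: {e}"
    return results


if __name__ == "__main__":
    for what, how in demo().items():
        print(f"{what:48s} -> {how}")
```

Two things the simulation makes visible that the prose only implies: on the fixed bastion a webserver that has no /32 host route of its own (WEBSERVER2 here) still falls through to the /24 on eth0, so step 2 has to be repeated for every DMZ host; and on a webserver, step 3 has to precede step 4, since a default route whose gateway is not reachable on-link is exactly what net-tools `route` rejects with "SIOCADDRT: Network is unreachable".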