Hi John,

My gut reaction is that this is a routing problem - your external NIC wants to be set up (I think) on a "subnet of 1" so that the routing table can direct packets from a.b.c.x/255.255.255.0 to a.b.c.y/255.255.255.255

Hope this isn't a red herring...

Maf.

On 2001.07.16 14:24:14 +0100 John Bland wrote:
Hi,
I'm having some bother setting up a firewall and although the problem is pure networking I just thought I'd check I'm not doing something stupid.
We have a network here with a large number of proper unique IP addresses. This is both for servers and workstations which people like to log into etc. from offsite.
What I'd like to do is put in some 'seamless' firewalling, i.e. retain our unique IP addresses but firewall the connection to them to only allow secure connections and log the traffic. To do this I'm putting in a Linux box with two NICs between our incoming connection and the primary hub.
I'm aware that using non-routables would be easier and more secure but that would mean a complete overhaul of our setup and messing about with proxies.
The problem is that this means the two NICs on the firewall are on the same subnet. There appears to be some problem with routing in this setup. I've not tried to do anything fancy, just set up eth0 and eth1 as normal.
Any comments? I'd really rather avoid a wholesale move to 192.168.x.x if possible.
Cheers, JB
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~