RE: [suse-security] Firewall with SuSE 6.2]
Hi Jochen, let me get this right: you want to have all computers (friend and enemy) on the same subnet? Well, if you want to do that, you have to pass all traffic through the firewall using proxies. But since all of your PC's are on the same net, they know each other "well" and they can adress every PC directly. You must use subnets, but you can probably do it with just changing the subnet mask from 255.255.255.0 to what every you want, for example 255.255.255.x (see Networking-HOWTO on this one). But remember: you have to have the firewall stand between (!) the freinds and the enemies! Axel
-----Original Message----- From: Jochen Mader [mailto:jochen@teg-me.de] Sent: Friday, October 15, 1999 3:14 PM To: suse-security@suse.com Subject: Re: [suse-security] Firewall with SuSE 6.2]
Hi, check out www.suse.de/~marc The SuSEfwirewall 1.1 should be much better than the stuff on the current distribution. cheers afx
Thanx to afx for that link, but the real problem is still there. Has anybody any idea how to do the following: I got a network with 16 hosts on one side of the firewall (exactly those are the hosts I want to protect) and one host from that network (the router) has to be on the other side of the firewall, cause that's where evil traffic is coming from. My question is: Is it possible to do WITHOUT subnetting? I tried almost everything but it still doesnt't work: I can ping both devices of the firewall from the hosts on the inside, I can ping both devices of the firewall from the router and I can ping the internal hosts and the router from the firewall, but I can't ping an internal host from the router or the router from an internal host (spoof-protection is disabled).
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (1)
-
"Schäfer, Axel"