Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] firewall NICs on same subnet ADDENDUM
  • From: Soeren Eyhusen <seyhuse@xxxxxxx>
  • Date: Wed, 18 Jul 2001 09:43:32 +0200
  • Message-id: <3B553E24.370A6D0B@xxxxxxx>
"gabriel.rivera" wrote:
>
> One thing I forgot:
>
> It actually doesn't work if the internal interface has a real address on the
> same subnet as the external firewall interface and the internal hosts!! So
> much for the subject heading :[
>

I think it should work with real IPs on both NICs, too. Suppose your
"protected" machines are connected to eth1, then, after setting up the
ARPs and Routes as you described, a

echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

should do. Now the firewall should do proxy arp for all machines it can
reach via eth0.


Greets,

Soeren Eyhusen.

< Previous Next >
References