Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] Firewall confusion
Hi John,

My gut reaction is that this is a routing problem - your external NIC wants
to be set up (I think) on a "subnet of 1" so that the routing table can
direct packets from a.b.c.x/255.255.255.0 to a.b.c.y/255.255.255.255

Hope this isn't a red herring...

Maf.


On 2001.07.16 14:24:14 +0100 John Bland wrote:
>
> Hi,
>
> I'm having some bother setting up a firewall and although the problem is
> pure networking I just thought I'd check I'm not doing something stupid.
>
> We have a network here with a large number of proper unique IP addresses.
> This is both for servers and workstations which people like to log into
> etc from offsite.
>
> What I'd like to do is put in some 'seamless' firewalling, i.e. retain our
> unique IP addresses but firewall the connection to them to only allow
> secure connections and log the traffic. To do this I'm putting in a Linux
> box with two NICs between our incoming connection and the primary hub.
>
> I'm aware that using non-routables would be easier and more secure but
> that would mean a complete overhaul of our setup and messing about with
> proxies.
>
> The problem is that this means the two NICs on the firewall are on the
> same subnet. There appears to be some problem with routing in this setup.
> I've not tried to do anything fancy, just set up eth0 and eth1 as normal.
>
> Any comments? I'd really rather avoid a wholesale move to 192.168.x.x if
> possible.
>
> Cheers,
> JB
>


--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"It is easier to do a job right than to explain why you didn't."

- Martin Van Buren

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
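
The routing ambiguity discussed in this thread, as an added example that is not part of the original mails: a simplified longest-prefix-match lookup comparing both NICs on the same /24 with the "subnet of 1" layout. The addresses (documentation ranges), the choice of eth0 as the external NIC, the host route to the upstream router and the first-entry-wins tie-break are assumptions made for illustration.

```python
import ipaddress

def select_route(dst, table):
    """Return the egress interface for dst by longest-prefix match.
    Simplified model: on equal prefix length the earlier entry wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in table:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface)
    return best[1] if best else None

# Constructed sample addresses standing in for a.b.c.x / a.b.c.y
ROUTER = "192.0.2.1"        # upstream router on the external side (assumed)
WORKSTATION = "192.0.2.50"  # host on the hub behind the firewall
OFFSITE = "198.51.100.7"    # someone logging in from outside

# eth0 and eth1 both configured "as normal" with the same /24
SAME_SUBNET = [
    ("192.0.2.0/24", "eth0"),
    ("192.0.2.0/24", "eth1"),   # never selected: identical prefix, listed later
    ("0.0.0.0/0", "eth0"),
]

# External NIC on a /32 with a host route to the router; the /24 lives on eth1
SUBNET_OF_ONE = [
    ("192.0.2.1/32", "eth0"),
    ("192.0.2.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),
]

def egress_map(table):
    """Egress interface chosen for each sample destination."""
    return {dst: select_route(dst, table) for dst in (ROUTER, WORKSTATION, OFFSITE)}

if __name__ == "__main__":
    for name, table in (("same /24 on both NICs", SAME_SUBNET),
                        ("subnet of 1 on eth0", SUBNET_OF_ONE)):
        print(name, egress_map(table))
```

In the first table, traffic for the workstation leaves on the external interface and never reaches the hub; in the second, the more specific /32 separates the router from the rest of the subnet.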

