Mailinglist Archive: opensuse-security (343 mails)

Firewall confusion
  • From: John Bland <shrike@xxxxxxxxxxxxx>
  • Date: Mon, 16 Jul 2001 14:24:14 +0100 (BST)
  • Message-id: <Pine.LNX.4.31.0107161347420.7140-100000@xxxxxxxxxxxxxxxxxxx>

Hi,

I'm having some bother setting up a firewall and although the problem is
pure networking I just thought I'd check I'm not doing something stupid.

We have a network here with a large number of proper unique IP addresses.
This is both for servers and workstations which people like to log into
etc from offsite.

What I'd like to do is put in some 'seamless' firewalling, i.e. retain our
unique IP addresses but firewall the connection to them to only allow
secure connections and log the traffic. To do this I'm putting in a Linux
box with two NICs between our incoming connection and the primary hub.

I'm aware that using non-routables would be easier and more secure but
that would mean a complete overhaul of our setup and messing about with
proxies.

The problem is that this means the two NICs on the firewall are on the
same subnet. There appears to be some problem with routing in this setup.
I've not tried to do anything fancy, just set up eth0 and eth1 as normal.

Any comments? I'd really rather avoid a wholesale move to 192.168.x.x if
possible.

Cheers,
JB

--
John Bland M.Phys (Hons) AMInstP / \ PhD Student & Sys Admin
Email: j.bland at cmp.liv.ac.uk / \ Condensed Matter Group
http://ringtail.cmp.liv.ac.uk/ / \ Liverpool University
"Hey, I wonder how much meat you get on a womble?" -- Eddie

