Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] Connecting firewall directly to router ...
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 3 Dec 2001 07:49:10 +0200
  • Message-id: <20011203054803.CC18AE6362@xxxxxxxxxxxx>
On Monday 03 December 2001 07:37, Reckhard, Tobias wrote:
> Try:
> 1. man arp (see the options -D and -s)
> 2. http://www.linuxdoc.org/HOWTO/mini/Proxy-ARP-Subnet/
>
If I'm using IPTABLES and I'm using the DNAT rules, why does the kernel not
do the proxy-arp automatically? Surely what DNAT is trying to accomplish
requires this, i.e. listening on a public IP and redirecting to a private IP.

> > > 2. Configure the firewall to be the router for the official subnet of the
> > > public servers. This is performed on the router.
>
> This would work like this (on the Cisco):
> # conf t
> (config)# ip route <IP of server1> 255.255.255.255 <IP of Linux-GW>
> (config)# ip route <IP of server2> 255.255.255.255 <IP of Linux-GW>
> ...
> (config)# end
> # copy run start
>
> HTH
> Tobias
>
> PS: I dislike either of these setups. If you've got separate subnets, you
> should have separate subnet addresses, IMHO. But the above should work
> nonetheless.
So you would have 66.8.45.161/28 on the router LAN interface and something
else on the internet interface on the firewall? Does this mean that the
internet interface on the firewall requires a public IP?

Ray
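
The two setups discussed in this thread (proxy ARP on the firewall, or host routes on the router), as an added example that is not part of the original messages. It is a simplified model of why a DNAT rule alone leaves the router's ARP request unanswered; the class names, the `scenario` helper and all addresses are constructed for illustration.

```python
# Simplified model (added example): ARP is answered at layer 2 from the host's
# own addresses plus explicit proxy entries; the DNAT table is only consulted
# for IP packets that have already been delivered to the host's MAC.
# All addresses are constructed (RFC 5737 / RFC 1918).
from dataclasses import dataclass, field

@dataclass
class Firewall:
    mac: str
    local_ips: set
    proxy_arp: set = field(default_factory=set)   # e.g. "arp -Ds <ip> <if> pub"
    dnat: dict = field(default_factory=dict)      # public IP -> private IP

    def arp_reply(self, target_ip):
        """Return our MAC if we answer the ARP request, else None."""
        if target_ip in self.local_ips or target_ip in self.proxy_arp:
            return self.mac
        return None  # a DNAT rule alone does not make us answer

    def receive(self, dst_ip):
        """PREROUTING: rewrite the destination if a DNAT rule matches."""
        return self.dnat.get(dst_ip)

@dataclass
class Router:
    host_routes: dict = field(default_factory=dict)  # dest /32 -> next hop

    def forward(self, dst_ip, fw):
        """Return the private IP the packet ends up at, or None if dropped."""
        # With a host route the router resolves the next hop, not the server IP.
        arp_target = self.host_routes.get(dst_ip, dst_ip)
        if fw.arp_reply(arp_target) is None:
            return None  # ARP unanswered: the frame is never sent
        return fw.receive(dst_ip)

PUBLIC, PRIVATE, FW_EXT = "203.0.113.10", "192.168.1.10", "203.0.113.2"

def scenario(proxy=False, host_route=False):
    fw = Firewall("02:00:00:00:00:01", {FW_EXT}, dnat={PUBLIC: PRIVATE})
    if proxy:
        fw.proxy_arp.add(PUBLIC)
    router = Router({PUBLIC: FW_EXT} if host_route else {})
    return router.forward(PUBLIC, fw)

if __name__ == "__main__":
    print("DNAT only:          ", scenario())
    print("DNAT + proxy ARP:   ", scenario(proxy=True))
    print("DNAT + router route:", scenario(host_route=True))
```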
