Mailinglist Archive: opensuse-security (465 mails)

RE: [suse-security] Connecting firewall directly to router ...
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Mon, 3 Dec 2001 06:37:14 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56C72@xxxxxxxxxxxxxxxxx>
> Sorry ... made a mistake there ... 130 should be 166

OK.

> > You can do either of two things to remedy the situation:
> > 1. Configure the firewall to perform proxy-arp on behalf of the public
> > servers. You do this on the firewall.
> This sounds like what I'm looking for, any idea on how I can do this?

Try:
1. man arp (see the options -D and -s)
2. http://www.linuxdoc.org/HOWTO/mini/Proxy-ARP-Subnet/

> > 2. Configure the firewall to be the router for the official subnet of the
> > public servers. This is performed on the router.

This would work like this (on the Cisco):
# conf t
(config)# ip route <IP of server1> 255.255.255.255 <IP of Linux-GW>
(config)# ip route <IP of server2> 255.255.255.255 <IP of Linux-GW>
...
(config)# end
# copy run start

HTH
Tobias

PS: I dislike either of these setups. If you've got separate subnets, you
should have separate subnet addresses, IMHO. But the above should work
nonetheless.
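
Added example, not part of the original mail: a sketch of option 1 (proxy ARP on the Linux firewall) using the `arp -D`/`-s` options the reply points to. The interface names (eth0 towards the router, eth1 towards the servers), the 192.0.2.x addresses and the function names are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Assumed layout: EXT_IF faces the router, DMZ_IF faces the public servers.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands that make the firewall answer ARP for each server on
# the external interface and route the traffic to the DMZ interface.
# Usage: proxy_arp_cmds EXT_IF DMZ_IF SERVER_IP...
proxy_arp_cmds() {
    ext_if=$1; dmz_if=$2; shift 2
    case "$ext_if$dmz_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    # Validate every address first so a bad entry never yields partial output.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    for ip in "$@"; do
        # -D takes the MAC from the named interface; 'pub' publishes the entry.
        echo "arp -i $ext_if -Ds $ip $ext_if pub"
        # Host route so the firewall reaches the server through the DMZ side.
        echo "ip route add $ip/32 dev $dmz_if"
    done
}

# Constructed sample input: two servers behind the firewall.
proxy_arp_cmds eth0 eth1 192.0.2.10 192.0.2.11
```

Published entries can be checked afterwards with `arp -an` on the firewall. The firewall's packet filter rules still decide which traffic to the servers is actually forwarded.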
