[TriLUG] Firewall question....
Tue, 19 Mar 2002 20:37:26 -0500
firstname.lastname@example.org [email@example.com] wrote:
> So, my (first) question is: Can we tell a linux box to route packets
> from, say eth1 ( which has an address like 10.0.0.3 and is
> for the internal network ) out through eth0 ( which might have an address
> of 10.0.0.2 ) to the internal side of the other
> router? ( 10.0.0.1 ) My first hunch is to say no, because doing so, you'd
> essentially be telling it to "route" packets
> to the same network.
> Is my thinking on this correct, and if so, how do I get around it? Split
> the 10.x.x.x address range up, using subnetting?
Yes, subnet it. Make your internal network 10.0.0.0/24, your DMZ
10.0.1.0/24, and your external net 10.0.2.0/24 (or something like this).
They'll need to be different networks so that it knows it needs to
route (assuming this isn't a bridging firewall).
"Let the power of Ponch compel you! Let the power of Ponch compel you!"
-- Zorak on Space Ghost
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
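
Added example (not part of the original message): a Python sketch using the standard ipaddress module that compares the flat addressing from the question with the subnetted plan from the reply, by deriving each interface's connected network and doing a longest-prefix lookup. The /8 mask on the original addresses, the host addresses inside the new subnets and the eth2 DMZ interface are assumptions.

```python
import ipaddress

# Constructed sample data. FLAT: addresses from the question, mask assumed /8.
FLAT = {"eth0": "10.0.0.2/8", "eth1": "10.0.0.3/8"}
# SUBNETTED: the reply's plan; host addresses and eth2 are hypothetical.
SUBNETTED = {
    "eth0": "10.0.2.2/24",   # external net, other router assumed at 10.0.2.1
    "eth1": "10.0.0.3/24",   # internal net
    "eth2": "10.0.1.1/24",   # DMZ
}

def connected_routes(interfaces):
    """Map interface name -> directly connected network (address AND mask)."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}

def overlapping_pairs(interfaces):
    """Interface pairs whose connected networks overlap.

    Any pair listed here claims the same network, so traffic between the two
    sides looks local (ARP on the wire) rather than something to forward.
    """
    routes = connected_routes(interfaces)
    names = sorted(routes)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if routes[a].overlaps(routes[b])]

def egress(interfaces, dest):
    """Longest-prefix match over connected routes.

    Returns the sorted candidate interfaces: one name is a clean decision,
    several means the address plan cannot distinguish them, an empty list
    means no connected route (a default route would be needed).
    """
    dest = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name)
            for name, net in connected_routes(interfaces).items() if dest in net]
    if not hits:
        return []
    best = max(plen for plen, _ in hits)
    return sorted(name for plen, name in hits if plen == best)

if __name__ == "__main__":
    for label, plan, router in (("flat", FLAT, "10.0.0.1"),
                                ("subnetted", SUBNETTED, "10.0.2.1")):
        print(label, "overlaps:", overlapping_pairs(plan),
              "egress to router:", egress(plan, router))
```

Running the same overlap check against a planned interface list before applying it catches the case where a DMZ or external subnet accidentally sits inside the internal one.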