[TriLUG] Firewall question....

Mike Johnson trilug@trilug.org
Tue, 19 Mar 2002 20:37:26 -0500



prhodes@vdsinc.com [prhodes@vdsinc.com] wrote:
> So, my (first) question is:   Can we tell a linux box to route packets
> from, say eth1 ( which has an address like 10.0.0.3 and is
> for the internal network ) out through eth0 ( which might have an address
> of 10.0.0.2 ) to the internal side of the other
> router? ( 10.0.0.1 )  My first hunch is to say no, because doing so, you'd
> essentially be telling it to "route" packets
> to the same network.
>
> Is my thinking on this correct, and if so, how do I get around it? Split
> the 10.x.x.x address range up, using subnetting?

Yes, subnet it.  Make your internal network 10.0.0.0/24, your DMZ
10.0.1.0/24, and your external net 10.0.2.0/24 (or something like this).
They'll need to be different networks so that it knows it needs to
route (assuming this isn't a bridging firewall).

Mike
-- 
"Let the power of Ponch compel you!  Let the power of Ponch compel you!"
   -- Zorak on Space Ghost

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
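
An added example, not part of the original message: a small Python model of why the flat 10.x.x.x layout gives the firewall nothing to route between, while the /24 split does. The /8 mask on the original layout, the host addresses in the split layout and the client address 10.0.0.50 are assumptions; the interface names come from the question.

```python
import ipaddress

def connected(ifaces):
    """Map interface name -> directly connected network derived from addr/prefix."""
    return {n: ipaddress.ip_interface(c).network for n, c in ifaces.items()}

def overlapping(ifaces):
    """Pairs of interfaces whose connected networks overlap (a layout error)."""
    nets = sorted(connected(ifaces).items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def egress(ifaces, dst):
    """Longest-prefix match over connected networks only.
    More than one name returned means the layout gives no unique answer."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, n) for n, net in connected(ifaces).items() if dst in net]
    if not hits:
        return []
    best = max(p for p, _ in hits)
    return sorted(n for p, n in hits if p == best)

def on_link(src_cidr, dst):
    """True if a host configured as src_cidr treats dst as a local neighbour
    and so never hands the packet to the firewall at all."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(src_cidr).network

# Constructed: layout from the question, assuming a /8 mask on both sides.
FLAT = {"eth0": "10.0.0.2/8", "eth1": "10.0.0.3/8"}
# Constructed: layout from the reply; host parts are assumed.
SPLIT = {"eth0": "10.0.1.2/24", "eth1": "10.0.0.3/24"}

if __name__ == "__main__":
    for name, layout, router in (("flat", FLAT, "10.0.0.1"),
                                 ("split", SPLIT, "10.0.1.1")):
        client = "10.0.0.50/" + layout["eth1"].split("/")[1]
        print(name, "overlaps:", overlapping(layout),
              "| egress to router:", egress(layout, router),
              "| client sees router on-link:", on_link(client, router))
```

In the flat layout the internal client considers the other router a local neighbour, so its traffic is never subject to the firewall's forwarding rules; after the split the client has to send it to the firewall as its gateway.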
