Firewall Wizards mailing list archives

Re: Firewall configuration questions.


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 27 Apr 2000 16:03:12 -0400 (EDT)


Are you sure this is the direction of the question?  I may have
misinterpreted it, but, I got the impression that he was asking if one can
avoid NAT and do just real IP's behind the firewall.  Now I might also be
misreading you, but, is not your answer suited to a one to one NAT
remapping of public addresses before going insideout through the firewall?
Or am I misreading this whole thread?

Thanks,

Ron DuFresne

On Wed, 26 Apr 2000, daN. wrote:

The trick here is that if your gateway does not know about your firewall 
(i.e. that it should route some addresses through you) you have to proxy arp 
for the machines behind your firewall.  (It really doesn't matter about 
faking the subnets as long as your firewall knows the route to the 
gateway.)  You proxy arp like this:

arp -i eth0  -s <ip to proxy arp> <outside nic Hardware address> pub

daN.

At 08:35 PM 4/20/00 -0400, R. DuFresne wrote:

Yes.

It is not the safest thing, but there are times the needs outweigh the
costs.

Thanks,

Ron DuFresne

On Thu, 20 Apr 2000, John Morey wrote:

1) Is it possible, using Linux, to set up a firewall such that it has public
IP addresses on both sides?  I thought I read something about this some time
back but I can not find it now.  If I remember correctly the trick had to do
with putting both network interfaces on the same network but giving the
external interface a network mask of 255.255.255.252 and the internal
interface a network mask of 255.255.255.0.

2) If the above is possible, is it advisable?  What are the ups and downs as
opposed to doing it the "normal" way where the internal machines have private
IP addresses?

Thanks for any help or info,

John Morey
jmorey () mmintl com


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
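
An added example, not part of the original thread: a dry-run generator for the proxy ARP entries daN describes, using the /30-outside, /24-inside layout from the original question. The addresses (RFC 5737 range), the MAC (RFC 7042 documentation range) and the function names are assumptions made for illustration; it refuses to publish an entry for any address that is malformed, outside the inside network, or inside the gateway-side /30.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are constructed, from the
# RFC 5737 documentation range; the layout follows the /30-outside,
# /24-inside trick described in the original question.
INSIDE_NET=192.0.2.0   INSIDE_LEN=24    # assumed inside interface network
OUTSIDE_NET=192.0.2.0  OUTSIDE_LEN=30   # assumed gateway + firewall outside NIC

# Dotted quad -> integer; non-zero status on malformed input.
ip2int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net <ip> <network> <prefix-len>: true if ip lies inside network/len.
in_net() {
    i=$(ip2int "$1") && n=$(ip2int "$2") || return 2
    m=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( i & m )) -eq $(( n & m )) ]
}

# proxy_arp_cmds <outside-if> <outside-mac> <ip>...
# Prints one "arp ... pub" line per acceptable host; returns 1 if any
# address was refused (malformed, outside the /24, or inside the /30).
proxy_arp_cmds() {
    oif=$1 mac=$2 rc=0; shift 2
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $mac in $h:$h:$h:$h:$h:$h) ;; *) echo "bad MAC: $mac" >&2; return 1 ;; esac
    for ip in "$@"; do
        if ! in_net "$ip" "$INSIDE_NET" "$INSIDE_LEN"; then
            echo "skip $ip: not an inside address" >&2; rc=1
        elif in_net "$ip" "$OUTSIDE_NET" "$OUTSIDE_LEN"; then
            echo "skip $ip: belongs to the gateway-side /30" >&2; rc=1
        else
            echo "arp -i $oif -s $ip $mac pub"
        fi
    done
    return $rc
}

# Dry run: review the output, then pipe it to sh as root to apply.
proxy_arp_cmds eth0 00:00:5E:00:53:01 192.0.2.10 192.0.2.25 || true
```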


