Firewall Wizards mailing list archives
Re: Firewall configuration questions.
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 27 Apr 2000 16:03:12 -0400 (EDT)
Are you sure this is the direction of the question? I may have misinterpreted it, but I got the impression that he was asking if one can avoid NAT and do just real IP's behind the firewall. Now I might also be misreading you, but is not your answer suited to a one-to-one NAT remapping of public addresses before going insideout through the firewall? Or am I misreading this whole thread?

Thanks,

Ron DuFresne

On Wed, 26 Apr 2000, daN. wrote:

> The trick here is that if your gateway does not know about your firewall (i.e. that it should route some addresses through you) you have to proxy arp for the machines behind your firewall. (It really doesn't matter about faking the subnets as long as your firewall knows the route to the gateway.)
>
> You proxy arp like this:
>
>     arp -i eth0 -s <ip to proxy arp> <outside nic Hardware address> pub
>
> daN.
>
> At 08:35 PM 4/20/00 -0400, R. DuFresne wrote:
>
>> Yes. It is not the safest thing, but there are times the needs outweigh the costs.
>>
>> Thanks,
>>
>> Ron DuFresne
>>
>> On Thu, 20 Apr 2000, John Morey wrote:
>>
>>> 1) Is it possible, using Linux, to set up a firewall such that it has public IP addresses on both sides? I thought I read something about this some time back but I cannot find it now. If I remember correctly the trick had to do with putting both network interfaces on the same network but giving the external interface a network mask of 255.255.255.252 and the internal interface a network mask of 255.255.255.0.
>>>
>>> 2) If the above is possible, is it advisable? What are the ups and downs as opposed to doing it the "normal" way where the internal machines have private IP addresses?
>>>
>>> Thanks for any help or info,
>>>
>>> John Morey
>>> jmorey () mmintl com
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
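Added example, not part of the original thread or written by any of its participants: a small Python planner for the setup discussed above (outside interface on a 255.255.255.252 subnet, inside interface on the surrounding 255.255.255.0 network, one proxy-ARP entry per inside host). The function name, the 192.0.2.0/24 documentation addresses and the MAC address are constructed for illustration; the emitted command follows the `arp -i eth0 -s ... pub` form quoted in the thread.

```python
import ipaddress


def proxy_arp_plan(outside_if, outside_addr, outside_mac, gateway, inside_net, hosts):
    """Return the 'arp ... pub' commands the firewall needs for its inside hosts.

    outside_addr is the firewall's outside address with the narrow mask
    (/30 = 255.255.255.252); inside_net is the wide network (/24 =
    255.255.255.0) that the gateway believes is directly attached to it.
    """
    outside = ipaddress.ip_interface(outside_addr)
    inside = ipaddress.ip_network(inside_net)
    if ipaddress.ip_address(gateway) not in outside.network:
        raise ValueError("gateway must be reachable inside the outside /30")
    if not outside.network.subnet_of(inside):
        raise ValueError("outside subnet must be carved out of the inside network")

    commands = []
    for host in hosts:
        ip = ipaddress.ip_address(host)
        if ip not in inside:
            raise ValueError(f"{ip} is not in {inside}")
        if ip in outside.network:
            # Longest-prefix match on the firewall sends the whole /30 out the
            # outside interface, so such an address cannot live behind it.
            raise ValueError(f"{ip} falls in the outside subnet {outside.network}")
        # The gateway ARPs for this host on the outside wire; the firewall
        # answers with its own outside MAC and then forwards (and filters).
        commands.append(f"arp -i {outside_if} -s {ip} {outside_mac} pub")
    return commands


# Constructed sample values (RFC 5737 documentation range, made-up MAC).
SAMPLE = dict(
    outside_if="eth0",
    outside_addr="192.0.2.2/30",
    outside_mac="02:00:00:00:00:01",
    gateway="192.0.2.1",
    inside_net="192.0.2.0/24",
    hosts=["192.0.2.10", "192.0.2.20"],
)

if __name__ == "__main__":
    print("\n".join(proxy_arp_plan(**SAMPLE)))
```

Every address that gets a `pub` entry is directly addressable from outside, so the firewall's packet filter is the only control in front of it; there is no NAT layer hiding the inside hosts.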
Current thread:
- Firewall configuration questions. John Morey (Apr 20)
- Re: Firewall configuration questions. R. DuFresne (Apr 21)
- Re: Firewall configuration questions. Paul D. Robertson (Apr 26)
- Re: Firewall configuration questions. John Morey (Apr 27)
- Message not available
- Re: Firewall configuration questions. daN. (Apr 27)
- Message not available
- Re: Firewall configuration questions. daN. (Apr 28)
- Re: Firewall configuration questions. R. DuFresne (Apr 28)
- Re: Firewall configuration questions. daN. (Apr 27)
- <Possible follow-ups>
- Re: Firewall configuration questions. Rogue Bolo (Apr 26)