Firewall Wizards mailing list archives

Re: Firewall on the same subnet

From: Luca Berra <bluca () comedia it>
Date: Sun, 5 Nov 2000 19:20:42 +0100

On Thu, Nov 02, 2000 at 02:36:38PM +0100, Ivo Janssen wrote:

In my case, an incoming ADSL line delivers a UTP cable that outputs
traffic for our whole assigned C class subnet (let's say 1.1.1.x)
Normally, I would just plug that into a switch and connect the 256
machines to it. But I want to put a firewall in between.

So my situation will be: (scenario 1)

  ADSL-ISP ----- DSLAM-port -----  firewall ---- internal network
                             
       <- external networks ->|<- 1.1.1.x network ->


1) you talk your adsl isp into putting a static route
for 1.1.1.0/24 thru your firewall

2) you use proxy arp

3) you set the external interface of the firewall in promisc.

which one is uglier?

L.

-- 
Luca Berra -- bluca () comedia it
    Communication Media & Services S.r.l.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Firewall on the same subnet Ivo Janssen (Nov 05)
- Re: Firewall on the same subnet Danny Rathjens (Nov 06)
- Re: Firewall on the same subnet Luca Berra (Nov 08)
- <Possible follow-ups>
- RE: Firewall on the same subnet Kehoe, Anthony (Nov 06)