Firewall Wizards mailing list archives
Re: two networks same proxy server
From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 24 Mar 2003 22:20:10 -0500 (EST)
On Mon, 24 Mar 2003, Robert E. Martin wrote:
This may be the wrong place to ask this but here goes.... I have two networks 192.168.98.x 192.168.99.x and one proxy server 192.168.99.10 I have a Linux box, Mandrake 7 with 3 interfaces eth0 eth1 eth2 The linux box runs ipchains as a firewall.... I want the 98 and 99 network to use the same proxy server. This proxy is an iPrism appliance. I have set ip routes inside of it to tell it where the networks are. 192.168.98.0 lives on eth2:1 192.168.99.x Also, I have tried secondary addresses on the interfaces: eth0 216.12.31 eth1 192.168.99 eth2 192.168.98 eth2:1 192.168.99
You can't have two interfaces with the same address; in this case, you've got both eth1 and eth2's shadow with the same address. It almost sounds like both the Linux box and the proxy are sitting on both networks, which is more than slightly confusing.
Clear as mud, right? I have tried to route across the box to the 98 network and had no luck. I am kind of new to the routing thing so any help would be appreciated.
If the Linux box is acting as the router, then it needs to have IP forwarding turned on, and it needs to be the gateway for the boxes it's routing for (with the appropriate interface address for the network it's sitting on as the route.) Its own routing tables will handle the rest of it, but the interfaces need to not have the same IP address.

There's probably a copy of the Linux Network Administration Guide by Olaf Kirch lying around the Net somewhere, and likely that or one of the newer LDP documents will help you.

If the proxy is off of one leg of the Linux box, then some traffic will have to transit that box twice to get out (assuming the Linux box is the gateway out to the rest of the world,) so it should probably sit on the segment with the highest utilization. That is, if the bulk of the clients live on the .98 subnet *and* the proxy isn't vulnerable to attack from them, then it should probably live there too, so that the traffic doesn't have to go through the Linux box from client to proxy, then again from proxy to Internet.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts () patriot net
probertson () trusecure com
Director of Risk Assessment
TruSecure Corporation
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
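The two points in the reply above (no duplicate addressing across interfaces, and the extra pass through the router when client and proxy sit on different legs) can be checked mechanically. The following is an added example, not part of either poster's message; the host parts, /24 masks and the external address are constructed assumptions, and only the 192.168.98/99 networks and the proxy address 192.168.99.10 come from the thread.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (assumptions): host parts, /24 masks, and the
# documentation-range external address. eth2:1 duplicates eth1 as in the post.
AS_POSTED = {"eth0": "203.0.113.1/24", "eth1": "192.168.99.1/24",
             "eth2": "192.168.98.1/24", "eth2:1": "192.168.99.1/24"}
FIXED = {name: addr for name, addr in AS_POSTED.items() if name != "eth2:1"}
PROXY = "192.168.99.10"  # proxy address given in the original question


def networks(ifaces):
    """Map interface name -> connected network derived from address/mask."""
    return {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}


def find_conflicts(ifaces):
    """Pairs of interfaces whose connected networks overlap (this includes
    the same-address case), which makes the router's routing ambiguous."""
    nets = networks(ifaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def segment(ifaces, host):
    """Interface whose network contains host; refuse ambiguous layouts."""
    ip = ipaddress.ip_address(host)
    hits = [n for n, net in networks(ifaces).items() if ip in net]
    if len(hits) != 1:
        raise ValueError(f"{host} matches {hits or 'no interface'}")
    return hits[0]


def router_transits(ifaces, client, proxy=PROXY):
    """Passes through the router for client -> proxy -> Internet, assuming
    the router is the only gateway out (as the reply assumes)."""
    transits = 1  # proxy -> Internet always crosses the router
    if segment(ifaces, client) != segment(ifaces, proxy):
        transits += 1  # client -> proxy also has to be routed
    return transits


if __name__ == "__main__":
    print("conflicts as posted:", find_conflicts(AS_POSTED))
    print("conflicts after fix:", find_conflicts(FIXED))
    for client in ("192.168.98.50", "192.168.99.50"):  # constructed clients
        print(client, "transits:", router_transits(FIXED, client))
```
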