From: Rene Gallati <lartc@draxinusom.ch>
To: lartc@vger.kernel.org
Subject: [LARTC] Howto route through
Date: Sun, 31 Oct 2004 15:55:57 +0000
Message-ID: <41850B0D.9000409@draxinusom.ch>

Hello list,

I'm having a little trouble imagining a setup I'll soon have.

I am in the process of getting a routed /28 to my home LAN. What I want
to do is to put a Linux box in front of the LAN to filter some of the
unneeded and potentially dangerous ports. Now the box has 2 NICs, one for
the inside, one for the outside.

How should I go about setting up those NICs when

a) the PCs in the net should have their official IP address from the /28 net

and

b) the filtering Linux box should at the same time have one IP address
from the same range for some services it provides?

The dilemma I see (maybe it is none, but I just don't know):
if I put it this way that I have the IP of the /28 range on one NIC
and nothing to put on the other?

Example: Range is 1.2.3.0/28 (1.2.3.0 - 1.2.3.15)

eth0: 1.2.3.1 eth1: ???
---- Internet ------- FW Box ------ LAN (1.2.3.0/28)

The FW box should be reachable by both the hosts in the LAN as well as
from the internet using the assigned IP. Don't I run into trouble
having an IP on one NIC which belongs to a net that is located on
the side of another NIC?

I know that the most specific entry (full IP) overrides or wins over the
less specific ones (the net), but does this setup work so that the LAN
clients can access the FW box just like every other host on the
internet? How do I configure eth1? Just bring it up without any IP at all?

Or should I rather make the FW box a transparent bridge for the
filtering, with one IP where it reacts itself?

Thanks for all hints

CU

René
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/