From: Rene Gallati
Date: Sun, 31 Oct 2004 15:55:57 +0000
Subject: [LARTC] Howto route through
Message-Id: <41850B0D.9000409@draxinusom.ch>
To: lartc@vger.kernel.org

Hello list,

I'm having a little trouble imagining a setup I'll soon have. I am in the process of getting a routed /28 to my home LAN. What I want to do is to put a Linux box in front of the LAN to filter some of the unneeded and potentially dangerous ports. Now the box has 2 NICs, one for the inside, one for the outside.

How should I go on to set up those NICs when

a) the PCs in the net should have their official IP address from the /28 net, and

b) the filtering Linux box should at the same time have one IP address from the same range for some services it provides?

The dilemma I see (maybe it is none, but I just don't know) if I put it this way is that I have the IP of the /28 range on one NIC and nothing to put on the other?

Example: Range is 1.2.3.0/28 (1.2.3.0 - 1.2.3.15)

eth0: 1.2.3.1
eth1: ???

---- Internet ------- FW Box ------ LAN (1.2.3.0/28)

The FW box should be reachable by both the hosts in the LAN as well as from the internet using the assigned IP. Don't I run into trouble having an IP on one NIC which belongs to a net that is located on the side of another NIC?

I know that the most specific entry (full IP) overrides or wins over the less specific ones (the net), but does this setup work so that the LAN clients can access the FW box just like every other host on the internet? How do I configure eth1? Just bring it up without any IP at all? Or should I rather make the FW box a transparent bridge for the filtering, with one IP where it reacts itself?

Thanks for all hints

CU René

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
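The post's question turns on the longest-prefix-match rule it mentions: a /32 for the box's own address beats the /28 covering the LAN. The following is an added example, not part of the original post or of the LARTC project, that models the firewall box's forwarding table for the addresses in the post (1.2.3.0/28 behind the inside NIC, 1.2.3.1 held by the box) and shows which destinations are delivered to the box itself and which are forwarded. Only route lookup is modelled; link-layer address resolution for the LAN hosts, which the post also asks about, is out of scope here. The default route's next hop (203.0.113.1) and the interface naming are assumptions.

```python
# Constructed model of the firewall box's route lookup for the setup in
# the post. Not the kernel's FIB code; it reproduces only the
# longest-prefix-match rule the post refers to.
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    iface: str                 # outgoing interface, or "local" for the box's own address
    via: Optional[str] = None  # next hop; None for directly connected prefixes


# Assumed forwarding table. Addresses inside 1.2.3.0/28 come from the post;
# the upstream next hop 203.0.113.1 is a placeholder (TEST-NET-3).
TABLE = [
    Route(ipaddress.ip_network("1.2.3.1/32"), "local"),               # the box's own /28 address
    Route(ipaddress.ip_network("1.2.3.0/28"), "eth1"),                # the LAN behind the inside NIC
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", "203.0.113.1"),  # everything else via the upstream
]


def lookup(dst: str) -> Route:
    """Return the most specific route containing dst (longest prefix wins)."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in TABLE if addr in r.prefix]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def delivery(dst: str) -> str:
    """Classify a packet to dst: handled by the box itself (netfilter INPUT
    path) or forwarded out an interface (FORWARD path). A port filter on the
    box has to cover both paths, since the box's own /28 address is a target
    just like the LAN hosts are."""
    r = lookup(dst)
    if r.iface == "local":
        return "INPUT"
    hop = f" via {r.via}" if r.via else ""
    return f"FORWARD -> {r.iface}{hop}"


if __name__ == "__main__":
    for d in ("1.2.3.1", "1.2.3.5", "1.2.3.15", "198.51.100.7"):
        print(f"{d:>14}: {delivery(d)}")
```

Run it and the box's own address resolves to the /32 and is delivered locally, every other address in 1.2.3.0/28 (including the broadcast 1.2.3.15) resolves to the /28 on eth1, and anything outside the range falls through to the default route on eth0; the /28 on the inside NIC and the /32 on the box never compete because the /32 is strictly more specific.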