Re: [LARTC] Howto route through

[Rene Gallati <lartc@draxinusom.ch>]

Stef Coene wrote:

> On Sunday 31 October 2004 16:55, Rene Gallati wrote:
> 
>>Hello list,
>>
>>I'm having a little trouble imagining a setup I'll soon have.
>>
>>I am in the process of getting a routed /28 to my homeLAN. What I want
>>to do is to put a linux box in front of the lan to filter some of the
>>unneeded and potential dangerous ports. Now the box has 2 nics, one for
>>the inside one for the outside.
>>
>>How should I go on to setup those NICs when
>>a) the PCs in the net should have their official IP address from the /28
>>net and
>>b) the filtering linux box should at the same time have one IP address
>>from the same range for some services it provides
>>
>>The dilemma I see (maybe it is none but I just don't know)
>>if I put it this way that I have the IP of the /28er range on one nic
>>and nothing to put on the other ?
> 
> You can give the nics the same ip address.  Just be carefull with the routing, 
> you need the specify the nic when you add a route so the packets are going 
> out on the interface they have too.

Hm that is a solution, however how do I "attract" the traffic for the
PCs in the LAN? I can either assign all IPs as aliases which looks a bit
crude or use proxyArp or bridging to convey the traffic over from one
side to the other.

At the moment, transparent bridge filter looks like the best idea to me,
however the lan nic is a gigE card so I don't know if running it in
promiscous all the time would be a good idea.

CU

René

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/