From: "loong"
Subject: firewall bridge , Vlan ?
Date: Mon, 9 Jun 2003 11:46:59 +0800
To: netfilter@lists.netfilter.org
Message-ID: <039a01c32e39$ce5ab310$b401a8c0@ows5>
References: <09B04A55822EFF4DA48D2E0BB2941D4A019266@wardrive.citadelcomputer.com.au> <005c01c32e38$380565f0$1500a8c0@expi>

hi

is there any way to install a bridge firewall and install VLAN
(http://www.candelatech.com/~greear/vlan.html) so that my firewall can run
like Netscreen without using a hub or switch to my webservers?

currently it is

internet --> eth0 firewall eth1 --> hub ------> webserver 1
                                        ------> webserver 2

is there any way I can install a few network cards in my firewall, then

internet ---> eth0 firewall eth1 ----> webserver 1
                            eth2 -----> webserver 2
                            eth3 -----> webserver 3

thanks

loong

----- Original Message -----
From: John Paul
To: George Vieira ; netfilter@lists.netfilter.org
Sent: Monday, June 09, 2003 11:35 AM
Subject: Re: Problem Found! - Firewall Rule

Thanks George. I have modified my network to (10.10.0.0/24).

Now, I'm able to ping the machines inside the network after connecting to the VPN. The problem now is, I'm not able to map/see machines in Network Neighborhood except the VPN server.

Any clue?

----- Original Message -----
From: George Vieira
To: John Paul ; netfilter@lists.netfilter.org
Sent: Friday, June 06, 2003 8:56 AM
Subject: RE: Problem Found! - Firewall Rule

Your local IP is the same as the remote network's IP.. so how is the local machine to know that 192.168.0.55 or 66 or 32 is on the VPN!?

The only way I know is to proxyarp the ppp device that the VPN is running on.. I'm assuming it's PPTP so you could try this command when the VPN comes up:

echo 1 > /proc/sys/net/ipv4/conf/$VPNDEV/proxy_arp

and this must be done on the VPN server too..

I've never done it this way with a VPN.. but you can only try it..

I'm surprised that anything really works properly the way you've done it because the firewall has 2 network devices with the same IP range.

Thanks,
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd
Systems Manager
georgev AT citadelcomputer DOT com DOT au
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
http://www.citadelcomputer.com.au

-----Original Message-----
From: John Paul [mailto:john@pinoylinux.sytes.net]
Sent: Friday, June 06, 2003 9:56 AM
To: netfilter@lists.netfilter.org
Subject: Problem Found! - Firewall Rule

Hello Folks, it's me again :(

Below is my config. My problem is, I can connect to the VPN but for some reason, I cannot see machines inside the network after being connected. Can somebody give me the simplest firewall rule on this? Just for me to see the machines inside the network.

Thanks!
/JP
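George's diagnosis in the quoted thread rests on two checks: whether the client's LAN address range overlaps the network behind the VPN (John Paul's fix was to renumber to 10.10.0.0/24), and whether proxy_arp is enabled on the ppp device the VPN runs on. The script below is an added example, not code from the thread or from netfilter; the SYSCTL_ROOT parameter is a hypothetical override so the check can be run against a copied /proc tree, and the sample addresses are the ones quoted above.

```shell
# Added example, not from the thread. It checks the two facts George's diagnosis
# rests on: whether the client's LAN overlaps the network behind the VPN, and
# whether proxy_arp is on for the VPN (ppp) device. POSIX sh, no ipcalc needed.

# ip_to_int A.B.C.D -> 32-bit integer (octets as plain decimal, no leading zeros)
ip_to_int() {
    echo "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# network_of A.B.C.D/LEN -> "network_int LEN"
network_of() {
    ip=$(ip_to_int "${1%/*}")
    len=${1#*/}
    mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    echo "$(( ip & mask )) $len"
}

# cidrs_overlap A/LEN B/LEN -> succeeds when the networks agree under the shorter prefix
cidrs_overlap() {
    set -- $(network_of "$1") $(network_of "$2")   # net_a len_a net_b len_b
    len=$2; [ "$4" -lt "$len" ] && len=$4
    mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    [ $(( $1 & mask )) -eq $(( $3 & mask )) ]
}

# proxy_arp_state DEV [SYSCTL_ROOT] -> prints the sysctl value, or "absent" when the
# device has no entry. SYSCTL_ROOT is a hypothetical override for testing on a copied tree.
proxy_arp_state() {
    f="${2:-/proc/sys/net/ipv4/conf}/$1/proxy_arp"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# diagnose LAN_CIDR REMOTE_CIDR VPNDEV [SYSCTL_ROOT] -> "ok" (distinct ranges, the
# 10.10.0.0/24 fix), "overlap-proxyarp-on", or "overlap-proxyarp-off" (the thread)
diagnose() {
    if cidrs_overlap "$1" "$2"; then
        case $(proxy_arp_state "$3" "$4") in
            1) echo overlap-proxyarp-on ;;
            *) echo overlap-proxyarp-off ;;
        esac
    else
        echo ok
    fi
}

# Constructed sample: the thread's original setup, 192.168.0.0/24 on both sides.
diagnose 192.168.0.0/24 192.168.0.0/24 ppp0
```

As George notes, proxy ARP has to be enabled on the VPN server side as well, so the same check belongs on both ends.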