Linux Netfilter discussions
From: "Shaun T. Erickson" <ste@smxy.org>
To: ste@smxy.org
Cc: netfilter@lists.netfilter.org
Subject: Re: Need to replace a SonicWall firewall with an iptables firewall.
Date: Mon, 30 Aug 2004 14:41:01 -0400
Message-ID: <413374BD.7050701@smxy.org>
In-Reply-To: <41334F72.4010402@smxy.org>

I wrote:

> However, I'm not sure how to handle the external network and the DMZ. We 
> have a /28 subnet from our ISP. Our router uses one address on the 
> subnet. From the router, you proceed to a switch, where three devices 
> are plugged in: a wireless access point, a VPN device, and the external 
> interface of the SonicWall firewall. All three devices have addresses on 
> the same /28 subnet as the router. Additionally, the SonicWall's DMZ 
> interface does not have an address assigned to it - it is somehow 
> logically bridged to the external interface. The systems in the DMZ are 
> also on the same /28 subnet. You tell the SonicWall which IP addresses 
> are in use in the DMZ, so that it knows which interface to send traffic 
> for that subnet out of. Internal traffic, heading out either the 
> external or DMZ interfaces of the SonicWall, appears to come from the 
> external address of the SonicWall. I have no idea how to replicate this 
> setup under iptables.

It occurs to me that I'm running out of IPs anyway, so maybe what I 
should do is get two subnets from my ISP: a subnet of 16 (14 usable) 
addresses for the router, the firewall's external interface, and 
everything in between, and a subnet of 32 (30 usable) addresses for my 
DMZ. That would work, yes?

	-ste
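An added illustration of the routed two-subnet layout proposed in the message above (example code, not from the thread or any of its participants): a three-leg iptables skeleton for a Linux box with an external /28 from the ISP, a separately routed /27 DMZ and an RFC 1918 internal LAN. All addresses, interface names and DMZ services are constructed placeholders drawn from the RFC 5737 documentation ranges, and the script assumes the ISP routes the DMZ block to the firewall's external address. Setting `IPT=echo` prints the rule set instead of loading it, so the policy can be reviewed on any machine.

```shell
#!/bin/sh
# Added example (not from the original thread): routed three-leg firewall
# for the two-subnet layout the poster proposes. All values are constructed.
#   eth0  external   198.51.100.2/28   (ISP router at 198.51.100.1)
#   eth1  DMZ        203.0.113.1/27    (ISP routes 203.0.113.0/27 to 198.51.100.2)
#   eth2  internal   192.168.1.1/24
# Set IPT=echo to print the rule set instead of loading it.
IPT=${IPT:-iptables}
EXT_IF=eth0; EXT_IP=198.51.100.2
DMZ_IF=eth1; DMZ_NET=203.0.113.0/27
INT_IF=eth2; INT_NET=192.168.1.0/24
# Published DMZ services as host:port pairs (constructed)
DMZ_SERVICES="203.0.113.10:80 203.0.113.10:443 203.0.113.11:25"

apply_rules() {
    $IPT -F
    $IPT -t nat -F
    # Default deny for anything arriving at or crossing the firewall
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to flows the firewall has already seen, in either direction
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anti-spoofing: internal and DMZ source addresses never arrive from outside
    $IPT -A FORWARD -i "$EXT_IF" -s "$INT_NET" -j DROP
    $IPT -A FORWARD -i "$EXT_IF" -s "$DMZ_NET" -j DROP
    # The DMZ may not open connections into the internal LAN
    $IPT -A FORWARD -i "$DMZ_IF" -d "$INT_NET" -j DROP
    # Internal hosts may go anywhere, and leave as the external address whether
    # they head for the Internet or the DMZ (the SonicWall behaviour described)
    $IPT -A FORWARD -i "$INT_IF" -s "$INT_NET" -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$INT_NET" ! -o "$INT_IF" -j SNAT --to-source "$EXT_IP"
    # DMZ hosts reach the Internet with their own public addresses, no NAT
    $IPT -A FORWARD -i "$DMZ_IF" -s "$DMZ_NET" -o "$EXT_IF" -j ACCEPT
    # Internet to DMZ: only the published services, new connections only
    for svc in $DMZ_SERVICES; do
        host=${svc%:*}
        port=${svc#*:}
        $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -p tcp -d "$host" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Anything still unmatched is logged (rate-limited) before the DROP policy hits
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

case "${1:-}" in
    apply)
        apply_rules
        # Forwarding between the legs is off by default; enable it once rules are in
        [ "$IPT" = echo ] || echo 1 > /proc/sys/net/ipv4/ip_forward
        ;;
    *)
        echo "usage: $0 apply   (prefix with IPT=echo to print the rules instead)" >&2
        ;;
esac
```

Run `IPT=echo sh fw.sh apply` first to read the generated rule set, then `sh fw.sh apply` as root on the firewall to load it. The SNAT rule is written with `! -o eth2` so internal traffic leaves as the external address on both the external and the DMZ legs, which matches the SonicWall behaviour quoted above; the DMZ hosts keep their public addresses and are never NATed, and the rule order puts the DMZ-to-internal drop and the anti-spoofing drops ahead of every accept. If the single /28 were kept instead, the Linux counterpart of the SonicWall's transparent DMZ would be a bridge over eth0 and eth1 filtered with the `physdev` match; the routed design with its own DMZ subnet avoids that bridging entirely.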

