[TriLUG] Firewall question....

prhodes at vdsinc.com prhodes at vdsinc.com
Tue Mar 19 20:09:33 EST 2002 

Ok guys 'n gals, here's a quick question for all you linux firewall
guru's....

Let's say I'm building a linux firewall.  I have 3 NIC's, one for the
internal network, one for the DMZ, and one
for the outside interface.  I'm setting this up behind the router which is
provided by our ISP, as an extra
level of security ( it may be redundant, as the ISP provided router already
does packet filtering, but it's
to make the boss happy ).

Anyway, our existing network is utilizing the 10.x.x.x address space.  The
internal interface on the
existing router is set to 10.0.0.1, and all of our network hosts have
addresses like 10.0.0.x ( we only have
about 30 machines on this network, FWIW ).  Right now we're using a netmask
of 255.255.255.0 ( I can't
really say why, BTW.  The old network admin set it up that way, and nobody
has felt like changing it ).

Now, the linux firewall we are building doesn't have to do any NAT /
masquerading, etc.  The router provided by
the ISP does that part.  All it has to do is route packets to the correct
interface ( DMZ or internal ) and do some packet
filtering.

So, my (first) question is:   Can we tell a linux box to route packets
from, say eth1 ( which has an address like 10.0.0.3 and is
for the internal network ) out through eth0 ( which might have an address
of 10.0.0.2 ) to the internal side of the other
router? ( 10.0.0.1 )  My first hunch is to say no, because doing so, you'd
essentially be telling it to "route" packets
to the same network.

Is my thinking on this correct, and if so, how do I get around it? Split
the 10.x.x.x address range up, using subnetting?
Or something different altogether?

Thanks in advance!


Phillip Rhodes
Application Designer
Voice Data Solutions
919-571-4300 x225
prhodes at vdsinc.com

America is at war with Afghanistan.  America has always been at war with
Afghanistan.  Russia is our ally.  Russia has always been our ally.

Read Orwell's 1984.  Read a newspaper.  Fear the future.

The history of liberty is a history of resistance. The history of liberty
is a history of limitations of governmental power, not the increase of it.
- Woodrow Wilson Speech in New York, September 9, 1912

Those who are willing to sacrifice essential liberties for a little order,
will lose both and deserve neither. - Benjamin Franklin

More information about the TriLUG mailing list