[TriLUG] Firewall question....
Mike Johnson
mike at enoch.org
Tue Mar 19 20:37:26 EST 2002
prhodes at vdsinc.com [prhodes at vdsinc.com] wrote:
> So, my (first) question is: Can we tell a linux box to route packets
> from, say eth1 ( which has an address like 10.0.0.3 and is
> for the internal network ) out through eth0 ( which might have an address
> of 10.0.0.2 ) to the internal side of the other
> router? ( 10.0.0.1 ) My first hunch is to say no, because doing so, you'd
> essentially be telling it to "route" packets
> to the same network.
>
> Is my thinking on this correct, and if so, how do I get around it? Split
> the 10.x.x.x address range up, using subnetting?
Yes, subnet it. Make your internal network 10.0.0.0/24, your DMZ
10.0.1.0/24, and your external net 10.0.2.0/24 (or something like this).
They'll need to be different networks so that it knows it needs to
route (assuming this isn't a bridging firewall).
Mike
--
"Let the power of Ponch compel you! Let the power of Ponch compel you!"
-- Zorak on Space Ghost
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
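
An added example, not part of the original post: a Python check that compares the layout in the question with the /24 plan from the reply and reports which interfaces claim a destination as directly connected. The /8 mask for the question's layout and the host addresses 10.0.1.2 and 10.0.1.1 are assumptions; the thread gives neither.

```python
import ipaddress
from itertools import combinations

# Constructed layouts. The /8 mask in ASKER is an assumption (the post gives
# no masks); the eth0 address in SUBNETTED is constructed to fit the /24 plan.
ASKER = {"eth0": "10.0.0.2/8", "eth1": "10.0.0.3/8"}
SUBNETTED = {"eth0": "10.0.1.2/24", "eth1": "10.0.0.3/24"}


def connected(ifaces):
    """Map interface name -> directly connected network."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}


def overlaps(ifaces):
    """Return pairs of interfaces whose connected networks overlap."""
    nets = connected(ifaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def egress(ifaces, dst):
    """Interfaces whose connected network contains dst (longest prefix only).

    One name: a single connected network claims dst.
    Several names: dst looks local on more than one interface (ambiguous).
    Empty list: dst is not on-link and needs a gateway route.
    """
    ip = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, name)
            for name, net in connected(ifaces).items() if ip in net]
    best = max((plen for plen, _ in hits), default=None)
    return sorted(name for plen, name in hits if plen == best)


if __name__ == "__main__":
    # Router addresses: 10.0.0.1 is from the question, 10.0.1.1 is constructed.
    for label, layout, router in (("asker", ASKER, "10.0.0.1"),
                                  ("subnetted", SUBNETTED, "10.0.1.1")):
        print(label, "overlaps:", overlaps(layout),
              "egress to router:", egress(layout, router))
```
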