Tony,
I'm not sure if your diagram was distorted in transit,
but I do have a couple of questions regarding the
configuration information you provided.
1) What is the IP difference between Lan1 and Lan2? They both exist
in the same address range.
2) Why are both of your firewalls configured exactly the same?
3) What, or how are your two Lan segments connected? Through [FW2]? If
so, then it seems like your addressing is off a bit.
I'd suggest something like:
-LAN2---[FW2]---LAN1---[FW1]-[Router]--(Internet)
Firewall 1:
-------------------------
External nic (VLAN):
ip: 10.0.0.1
mask: 255.255.255.0
gw: 10.0.0.2
Internal nic: (connecting to 192.168.10.x)
ip: 192.168.10.254
LAN1:
--------
192.168.10.x
GW 192.168.10.254
Firewall 2:
-------------------------
External nic (VLAN):
ip: 192.168.10.something
mask: 255.255.0.0
gw: 192.168.10.254 (since this interface is on Lan1,
use the upstream interface)
Internal nic: (connecting to 192.168.20.x)
ip: 192.168.(20).254
LAN2:
-------------------------
Workstations:
ip: 192.168.(20).x
gw 192.168.(20).254
Firewall 1:
-------------------------
External nic (VLAN):
ip: 10.0.0.1 (on the same segment of the router I'd
assume)
mask: 255.255.255.0
gw: 10.0.0.2 (the internal interface address of
router I'd assume)
Internal nic: (connecting to 192.168.10.x)
ip: 192.168.10.254
LAN1:
--------
192.168.10.x
GW 192.168.10.254 (the internal interface address of
[FW1])
Firewall 2:
-------------------------
External nic (VLAN):
ip: 192.168.10.something (I assume this interface is
on the same segment as the internal interface of [FW1])
mask: 255.255.0.0
gw: 192.168.10.254 (since this interface is on Lan1,
use the upstream interface)
Internal nic: (connecting to 192.168.(20).x)
ip: 192.168.(20).254
LAN2:
-------------------------
Workstations:
ip: 192.168.(20).x
gw 192.168.(20).254 (the internal interface of [FW2])
--- "Tony Sun (KTHK)" <[EMAIL PROTECTED]>
wrote:
> Hi,
> I have a dual homed firewall running Guardian Pro.
> The following is the
> configuration:
>
> LAN2 ==>Firewall2==>
> >Firewall1======>Router==>internet
> LAN1====>
>
>
> Firewall 1:
> -------------------------
> External nic (VLAN):
> ip: 10.0.0.1
> mask: 255.255.255.0
> gw: 10.0.0.2
> Internal nic: (connecting to 192.168.10.x)
> ip: 192.168.10.254
>
> LAN1:
> --------
> 192.168.10.x
> GW 192.168.10.254
>
> Firewall 2:
> -------------------------
> External nic (VLAN):
> ip: 10.0.0.1
> mask: 255.255.255.0
> gw: 10.0.0.2
> Internal nic: (connecting to 192.168.10.x)
> ip: 192.168.10.254
>
> LAN2:
> -------------------------
> Workstations:
> ip: 192.168.10.x
> gw 192.168.10.254
>
>
> What I want to do is make the LAN2 workstations
> able to connect (Ping) to
> LAN1 workstations and vice versa.
> I have set the firewall2 to "allow pass all" in the
> rule.
>
> The LAN2 workstations can pass through the firewall
> and access internet, but
> nobody (LAN1 and Internet) can get into (Ping) the
> LAN2 workstations. Why?
>
> What is the functionality of VLAN?
>
> What will be the IP of the Firewall2 as seen from
> LAN1?
>
> I am still a beginner in the firewall technology and
> comment is appreciated!
> Thanks
> Tony
>
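
Added example (not part of the original thread): a Python check that runs both address plans above through the conflicts the reply asks about, namely duplicate addresses and one range used on two segments. The segment labels (following the reply's suggested diagram), the /24 internal masks and the stand-in address 192.168.10.253 are assumptions.

```python
import ipaddress
from itertools import combinations

def check_layout(nics):
    """nics: (device, nic, segment, "ip/mask", gateway-or-None) tuples.
    Returns a list of findings; empty means these checks found no conflict."""
    parsed = [(f"{d}.{n}", seg, ipaddress.ip_interface(a), gw)
              for d, n, seg, a, gw in nics]
    findings = []
    for (n1, s1, i1, _), (n2, s2, i2, _) in combinations(parsed, 2):
        # 1. The same address configured on two interfaces.
        if i1.ip == i2.ip:
            findings.append(f"duplicate address {i1.ip}: {n1}, {n2}")
        # 2. One range on two segments: hosts treat the far side as
        #    on-link, ARP for it locally and never hand it to the firewall.
        if s1 != s2 and i1.network.overlaps(i2.network):
            findings.append(f"{i1.network} ({s1}) overlaps {i2.network} ({s2})")
    for name, _, iface, gw in parsed:
        # 3. A default gateway must sit inside the interface's own subnet.
        if gw and ipaddress.ip_address(gw) not in iface.network:
            findings.append(f"{name}: gateway {gw} not in {iface.network}")
    return findings

# Layout from the original question. Internal masks are not given in the
# thread; /24 is assumed. Segment names are labels chosen for this example.
ORIGINAL = [
    ("FW1", "ext", "uplink", "10.0.0.1/255.255.255.0", "10.0.0.2"),
    ("FW1", "int", "LAN1", "192.168.10.254/24", None),
    ("FW2", "ext", "LAN1", "10.0.0.1/255.255.255.0", "10.0.0.2"),
    ("FW2", "int", "LAN2", "192.168.10.254/24", None),
]
# Layout suggested in the reply. 192.168.10.253 stands in for
# "192.168.10.something" (constructed). A /24 mask is assumed; with the
# 255.255.0.0 listed in the reply, check 2 reports an overlap with LAN2.
SUGGESTED = [
    ("FW1", "ext", "uplink", "10.0.0.1/255.255.255.0", "10.0.0.2"),
    ("FW1", "int", "LAN1", "192.168.10.254/24", None),
    ("FW2", "ext", "LAN1", "192.168.10.253/24", "192.168.10.254"),
    ("FW2", "int", "LAN2", "192.168.20.254/24", None),
]

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, check_layout(plan) or "no conflicts")
```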