You can't do this. Reconsider your IP addressing, otherwise a bridge mode firewall is your only hope. I think ipfilter works in bridge mode...

I won't go into the long, involved stuff - you could look for information on variable length subnet masks, netmasks, and maybe CIDR, then everything should make sense.

Cheers,

--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520
PGP Key ID: 0x1A86E304

> -----Original Message-----
> From: jeremy cassidy [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 22 February 2001 12:53
> To: Firewalls
> Subject:
>
> Here's a good one I think:
>
> Objective: Build a Bastion Host (Firewall) between an Internal LAN and the Internet
>
> Here's the scenario:
>
> Internal LAN: Client IP Range = 200.0.0.2 to 200.0.0.252
>
> Firewall: Internal NIC (eth1) IP = 200.0.0.1
> Firewall: External NIC (eth0) IP = 200.0.0.253
>
> Cisco Router (Default Gateway to Internet): IP = 200.0.0.254
>
> The question is:
> - Can I route the requests from the Internal LAN clients to the Internet via the firewall, WITHOUT changing the IPs? (We don't want to use a Private IP Range. We also don't want to subnet the class C address)
>
> - If the answer is yes, how can you configure ipchains or iptables to deal with the fact that the internal and external interfaces are on the same subnet?
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
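The route lookups behind Ben's "you can't do this", as an added example that is not code from either message in the thread. It models each host's routing table with a longest-prefix match and checks, for the layout as posted (everything in 200.0.0.0/24) and for a VLSM split into two /25s, whether each direction of a client-to-Internet flow actually enters the firewall and whether the firewall can even choose an egress NIC. The addresses are the ones Jeremy posted; the /25 split (which would renumber clients above .126), the router's interface names, the client address 200.0.0.10, the remote host 198.51.100.10 and the upstream next hop 203.0.113.1 are assumptions made for the illustration.

```python
"""Route lookups for the thread's scenario: a firewall with both NICs on one /24,
versus the same hosts after an (assumed) VLSM split into two /25s.
Added example, not code from the original messages.  Addresses are the posted
ones; the /25 split, router interface names, 200.0.0.10, 198.51.100.10 and
203.0.113.1 are assumptions."""
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gateway iface")


class Host:
    def __init__(self, name, routes):
        # routes: (prefix, next hop or None for a directly connected network, interface)
        self.name = name
        self.routes = [
            Route(ipaddress.ip_network(net),
                  ipaddress.ip_address(gw) if gw else None, iface)
            for net, gw, iface in routes
        ]

    def lookup(self, dst):
        """Longest-prefix match.  Returns (next hop, tuple of candidate interfaces).
        A connected route yields the destination itself as next hop: the host ARPs
        for it directly instead of sending to any gateway.  More than one candidate
        interface means two equally specific routes exist and the kernel's choice
        between them is arbitrary."""
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r.net]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        best = max(r.net.prefixlen for r in matches)
        ties = [r for r in matches if r.net.prefixlen == best]
        hop = ties[0].gateway if ties[0].gateway is not None else dst
        return hop, tuple(sorted(r.iface for r in ties))


FIREWALL_ADDRS = {ipaddress.ip_address(a) for a in ("200.0.0.1", "200.0.0.253")}
CLIENT = "200.0.0.10"            # one address from the posted client range (assumed)
INTERNET_HOST = "198.51.100.10"  # constructed remote address (TEST-NET-2)
ROUTER = "200.0.0.254"


def flat_network():
    """The layout as posted: clients, both firewall NICs and the router in 200.0.0.0/24."""
    client = Host("client", [("200.0.0.0/24", None, "eth0"),
                             ("0.0.0.0/0", "200.0.0.1", "eth0")])
    firewall = Host("firewall", [("200.0.0.0/24", None, "eth1"),   # internal NIC, .1
                                 ("200.0.0.0/24", None, "eth0"),   # external NIC, .253
                                 ("0.0.0.0/0", ROUTER, "eth0")])
    router = Host("cisco", [("200.0.0.0/24", None, "Ethernet0"),
                            ("0.0.0.0/0", "203.0.113.1", "Serial0")])
    return client, firewall, router


def split_network():
    """Assumed fix: clients in 200.0.0.0/25, the firewall/router link in
    200.0.0.128/25, and a static route on the router pointing inside via .253."""
    client = Host("client", [("200.0.0.0/25", None, "eth0"),
                             ("0.0.0.0/0", "200.0.0.1", "eth0")])
    firewall = Host("firewall", [("200.0.0.0/25", None, "eth1"),
                                 ("200.0.0.128/25", None, "eth0"),
                                 ("0.0.0.0/0", ROUTER, "eth0")])
    router = Host("cisco", [("200.0.0.128/25", None, "Ethernet0"),
                            ("200.0.0.0/25", "200.0.0.253", "Ethernet0"),
                            ("0.0.0.0/0", "203.0.113.1", "Serial0")])
    return client, firewall, router


def audit(client, firewall, router):
    """Does each direction of a client<->Internet flow enter the firewall, can the
    firewall pick its egress NIC, and can the client bypass the firewall entirely?"""
    out_hop, _ = client.lookup(INTERNET_HOST)
    in_hop, _ = router.lookup(CLIENT)
    _, fw_ifaces = firewall.lookup(ROUTER)
    direct_hop, _ = client.lookup(ROUTER)
    return {
        "outbound_via_firewall": out_hop in FIREWALL_ADDRS,
        "inbound_via_firewall": in_hop in FIREWALL_ADDRS,
        "firewall_egress_unambiguous": len(fw_ifaces) == 1,
        "client_can_reach_router_directly": direct_hop not in FIREWALL_ADDRS,
    }


if __name__ == "__main__":
    for label, build in (("flat /24", flat_network), ("two /25s", split_network)):
        print(label, audit(*build()))
```

In the flat layout the router's connected route for 200.0.0.0/24 wins for every client address, so inbound packets (replies and unsolicited connections alike) are delivered straight to the client by ARP and never pass the firewall; the firewall itself holds two equally specific connected routes and cannot tell inside from outside; and the client can reach 200.0.0.254 directly, so a single ICMP redirect or a changed default gateway removes it from the path altogether. After the /25 split every lookup resolves through a firewall address, which is the point of the netmask and CIDR reading Ben suggests.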
