> -----Original Message-----
> From: Paul D. Robertson [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 24, 2001 1:50 PM
> To: JR Ponce de Leon
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cisco Router as Bridge/Firewall.
>
>
> On Mon, 23 Apr 2001, JR Ponce de Leon wrote:
>
> > Hi everyone.
> >
> > Can somebody point me to good documentation on how to set up a Cisco router
> > as a Bridge/Firewall?
>
> If you're just worried about being able to put your router inline, you
> should be able to use an IP unnumbered interface on the external side
> of your router and use "normal" extended access lists.

That's really....weird. Have you tested this, Paul?

Theoretically, I _think_ that should work. You'd need to:
(imaginary customer LAN IP is 128.1.1.0/24, ISP's router is 128.1.1.1)

1. Internal ethernet on customer router 128.1.1.2
2. Default gateway on clients 128.1.1.2
3. External interface on customer router unnumbered off inside interface
4. Static route 'ip route 128.1.1.1 255.255.255.255 eth0' (eth0 is outside)
5. Default gateway 128.1.1.1
6. Hope proxy arp works
7. Probably go to hell.

An alternative would be to use a spurious 1918 address on the outside, have
a default route pointing to an adjacent 1918 address and use a static arp
entry to relate the non-existent default router IP address with the real
router MAC address. But that's even uglier.

I don't have a 2621 spare in the lab at the moment, or I'd run this up. "JR
Ponce de Leon" - if you try to test this and have problems, feel free to
email me offlist - this looks like an ugly hack, and I like those ;).

Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
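
The forwarding decisions behind steps 1-6 of the message above can be checked with a small longest-prefix-match model. This is an added example, not part of the original post and not IOS code; the interface labels "inside" and "outside", the client address 128.1.1.50, the off-net address 192.0.2.10 and the simplified proxy ARP rule are assumptions.

```python
import ipaddress

# Constructed routing table for the customer router, built from steps 1-5 above.
# The interface labels "inside" and "outside" are assumed names for this model.
ROUTES = [
    ("128.1.1.0/24", "inside", None),      # connected: inside Ethernet is 128.1.1.2/24
    ("128.1.1.1/32", "outside", None),     # step 4: host route to the ISP router
    ("0.0.0.0/0", None, "128.1.1.1"),      # step 5: default gateway
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match. Returns (egress interface, address to ARP for)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    prefix, iface, next_hop = max(
        matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    if iface is None:
        # Route names only a next hop: resolve that next hop to an interface.
        iface, _ = lookup(next_hop, routes)
        return iface, next_hop
    return iface, str(addr)

def proxy_arp_answers(arrived_on, target, routes=ROUTES):
    """Simplified proxy ARP rule: answer when the route to the target
    leaves through a different interface than the request arrived on."""
    egress, _ = lookup(target, routes)
    return egress != arrived_on

# Same table with step 4 omitted, to show what the /32 route is for.
NO_HOST_ROUTE = [r for r in ROUTES if r[0] != "128.1.1.1/32"]

if __name__ == "__main__":
    for dst in ("128.1.1.50", "128.1.1.1", "192.0.2.10"):
        print(dst, "->", lookup(dst), "| without step 4:", lookup(dst, NO_HOST_ROUTE))
    print("ISP router ARPs for a client, router must answer:",
          proxy_arp_answers("outside", "128.1.1.50"))
```

Without the host route from step 4, the default route resolves through the connected /24 and off-net traffic is sent back out the inside interface. With it, the ISP router still sees the clients as on-link, so its ARP requests only get an answer if the customer router proxies them (step 6).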