Sheldon,

> I'm in a big bind. Our raptor firewall is toast,
> That said, now my boss wants to put in a linux firewall.

Congratulations -- you have a smart boss. Raptor is a good firewall, but for ROI, iptables puts it to shame.

> I have the box on both networks and masquerading, so that you can go from the
> developer workstations to the development servers. However, the development
> servers used to be on the yyy.yyy.yyy.yyy and the raptor firewall has been
> forwarding their old yyy.yyy.yyy.yyy addresses to the xxx.xxx.xxx.xxx
> addresses, but the raptor firewall is not the router or gateway for the
> yyy.yyy.yyy.yyy network. So, I'm not sure how I can do that on Linux. Has the
> raptor firewall been acting as a router as well? Do I need routed on Linux?

Okay, I'm a bit confused here: you said the box is connected to both networks, however it is not the gateway for the yyy network? I'm reading that as, that it is the gateway for the xxx network? What is the gateway for the yyy network? Is the new Linux box supposed to be the firewall for both networks?

I'm guessing the easiest solution will be a Linux box with three NICs: one for the xxx net (with an IP on the xxx net), one for the yyy net (again, with an IP on the yyy net), and a third connected to the outside world (with the appropriate external IP).

You won't need to use routed. Just set the internal routing table (use the route command) to forward packets between the xxx and yyy networks. Turn on IP forwarding, and set up iptables to masquerade any addresses on the xxx or yyy networks as they come through.

If this box is supposed to be the gateway for the xxx net, set the boxes on the xxx net to use it for such. Ditto for the yyy net. If either net has a different gateway, you can continue to use that, however I wouldn't recommend it: having multiple paths in or out of a network is just an increase in the number of points that you need to monitor and maintain.

Hope this helps,
Terry

#include <stddisclaimer.h>
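The three-NIC setup Terry describes (IP forwarding on, forwarding between the two internal nets, masquerading both out the external interface), written out as an added example; this is not code from the original message. Interface names eth0/eth1/eth2 and the 10.1.0.0/24 and 10.2.0.0/24 subnets are assumed placeholders standing in for the xxx and yyy nets, and the script prints the commands by default (DRY_RUN=1) so the plan can be reviewed before it is applied as root.

```sh
#!/bin/sh
# Added example: Linux gateway with three NICs, forwarding between two
# internal networks and masquerading both toward the outside world.
# All interface names and subnets below are assumed placeholders.
EXT_IF=eth0            # assumed: NIC facing the outside world
XXX_IF=eth1            # assumed: NIC on the xxx net
YYY_IF=eth2            # assumed: NIC on the yyy net
XXX_NET=10.1.0.0/24    # constructed placeholder for the xxx.xxx.xxx.xxx net
YYY_NET=10.2.0.0/24    # constructed placeholder for the yyy.yyy.yyy.yyy net

# Print each command instead of running it unless DRY_RUN=0 is set.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

gateway_rules() {
    # 1. Turn on IP forwarding in the kernel.
    run sysctl -w net.ipv4.ip_forward=1

    # 2. Routing: both internal nets are directly connected, so the kernel
    #    already holds a route to each once the NICs have addresses; show
    #    the table so the two connected routes can be checked.
    run route -n

    # 3. Start from a deny-by-default FORWARD chain.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING

    # 4. Let the xxx and yyy nets reach each other through this box.
    run iptables -A FORWARD -i "$XXX_IF" -o "$YYY_IF" -s "$XXX_NET" -d "$YYY_NET" -j ACCEPT
    run iptables -A FORWARD -i "$YYY_IF" -o "$XXX_IF" -s "$YYY_NET" -d "$XXX_NET" -j ACCEPT

    # 5. Let both internal nets out, and only replies back in from outside.
    run iptables -A FORWARD -i "$XXX_IF" -o "$EXT_IF" -s "$XXX_NET" -j ACCEPT
    run iptables -A FORWARD -i "$YYY_IF" -o "$EXT_IF" -s "$YYY_NET" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 6. Masquerade internal source addresses as they leave via the external NIC.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$XXX_NET" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$YYY_NET" -j MASQUERADE
}

# Helpers for checking the generated plan.
count_iptables_rules() { gateway_rules | grep -c '^iptables'; }
count_masquerade_rules() { gateway_rules | grep -c 'MASQUERADE'; }

gateway_rules
```

Run it as-is to see the command list; run it with DRY_RUN=0 as root on the gateway to apply it. Hosts on the xxx and yyy nets then need this box's address on their respective NIC as their default gateway, as Terry notes.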